SOC and TI Lead

Experience: 8+ years in SOC, Sentinel, AZURE & TI

SOC

• Solid understanding of information security concepts, SOC operations.
• Experience with SIEM tools, incident response, and vulnerability management.
• Hands-on experience with SIEM platform MS Sentinel
• Knowledge of network protocols, IDS/IPS, firewalls, and endpoint security solutions.
• Familiarity with MITRE ATT&CK framework and threat hunting techniques.
• Ability to analyze logs from multiple sources (Windows, Linux, network devices).
• Basic scripting skills (Python, PowerShell) for automation and investigation.
• Excellent communication and documentation skills for reporting and escalation.
• Ability to work in rotational shifts and under pressure during incidents.
• Understanding ITIL processes for incident, problem, and change management.
• Understanding log sources, and event correlation.
• Familiarity with Azure security services (Azure AD, Key Vault, NSGs, Private Link).
• Knowledge of incident response lifecycle and SOC processes.
• Awareness of compliance frameworks (NIST, ISO 27001, GDPR.

TI

• Collect and analyze threat data from internal and external sources (ISACs, open-source, commercial feeds).
• Correlate Indicators of Compromise (IoCs) with organizational assets to assess exposure.
• Identify and track Indicators of Compromise (IOCs) such as malicious IPs, domains, file hashes, and URLs.
• Detect and analyze Indicators of Attack (IOAs) including behavioral patterns, tactics, and techniques used by adversaries.
• Collaborate with DFIR teams to provide threat intelligence during forensic investigations and incident response.
• Produce actionable intelligence reports for SOC, Incident Response, and Risk teams.
• Develop and maintain threat intelligence platforms and feeds.
• Map threats to frameworks such as MITRE ATT&CK for detection and response alignment.
• Collaborate with SOC and IR teams to support investigations and threat hunting.
• Monitor dark web, forums, and underground channels for potential threats.
• Provide recommendations for improving security posture based on intelligence findings.
• Stay updated on emerging threats, vulnerabilities, and regulatory requirements.