Perform advanced monitoring, analysis, and investigation of security alerts and incidents.
Act as an escalation point for complex incidents and support L1/L2 analysts.
Lead incident response activities including containment, eradication, recovery, and root cause analysis.
Conduct threat hunting by analyzing logs, network traffic, and endpoint behavior.
Fine-tune SIEM use cases, detection rules, and alerts to improve threat visibility.
Coordinate with IT, network, application, and cloud teams for remediation activities.
Support vulnerability management and risk assessment initiatives.
Assist in security audits, compliance activities, and regulatory requirements.
Prepare detailed incident reports, dashboards, and metrics for management.
Stay updated on emerging threats, vulnerabilities, and attack techniques.
Requirements
5+ years of experience in cybersecurity operations or SOC roles.
Strong understanding of cyber threats, attack vectors, and MITRE ATT&CK framework.
Hands-on experience with SIEM platforms (Splunk, QRadar, Sentinel, ArcSight).
Experience with EDR/XDR, email security, and network security tools.
Strong knowledge of Windows and Linux operating systems.
Good understanding of networking fundamentals (TCP/IP, DNS, HTTP/S).
Experience in incident response, malware analysis (basic), and log analysis.
Preferred Skills
Experience with cloud security monitoring (AWS, Azure, GCP).
Exposure to SOAR tools and security automation.
Basic scripting skills (Python, PowerShell).
Experience mentoring junior analysts.
Preferred Certifications
CEH, CySA+, or Security+
CISSP (preferred but not mandatory)
GIAC certifications are an added advantage.