Profile Summary:
● As a Specialist - SOC Engineering, as part of the Cyber Defense Operations Center (CDOC), you will lead advanced security operations with a focus on SIEM and SOAR technologies, driving detection engineering, automated response, and complex incident handling. You'll be responsible for optimizing detection rules, developing playbooks, and managing high-severity incidents from triage to resolution. In parallel, you'll mentor Level 1 and Level 2 analysts, preparing to lead your own team in the future. While EDR remains part of the security stack, your primary emphasis is on engineering activities around SIEM and SOAR to enhance operational efficiency and threat mitigation. This role requires deep technical expertise, leadership potential, and a proactive approach to evolving threats.
Job Description:
● Manage and maintain NG SIEM solutions such as Google Chronicle and CrowdStrike, and support the use of SOAR capabilities by designing and implementing SOAR playbooks, including the necessary integrations and automation.
● Support onboarding and maintenance of a wide variety of data sources, including OS, appliance, and application logs. Create custom queries, custom dashboards, and visualizations.
● Develop and fine-tune content for the different tools, including but not limited to SIEM use cases, SOAR playbooks, threat intelligence watchlists, and rules.
● Select and recommend additional security solutions, or enhancements to existing ones, to improve METRO's overall detection and response capabilities in line with the METRO cyber security strategy.
● Develop appropriate use cases, playbooks, models, reports, and alerts, and develop custom parsers/connectors for integrating logs wherever necessary.
● Perform analysis of reported incidents, determine the root cause, and recommend the appropriate solution.
● Use and apply lessons learned from incidents and provide recommendations for standardizing the NG SIEM solution.
● Reduce false positives by fine-tuning existing correlation rules, configurations, playbooks, and models.
● Automate with continuous improvement, reducing MTTR and MTTD and improving the overall posture of the NG SIEM deployment to achieve the best ROI.
● Ensure the confidentiality, integrity, and availability of the data residing on or transmitted to, from, or through SOC controls.
● Generate reports and documentation on platform performance and continuous improvement recommendations for management and stakeholders.
● Ensure SIEM integration remains intact among the SOC solutions and with other assets.
● Design, create, and customize dashboards and reports as per business needs.
● Create and manage NG SIEM knowledge objects, including apps, dashboards, saved and scheduled searches, and alerts.