Profile Summary:
As a Level 3 Cyber Defense Operations Center (CDOC) Specialist, you will lead advanced security operations with a focus on SIEM and SOAR technologies, driving detection engineering, automated response, and complex incident handling. You'll be responsible for optimizing detection rules, developing playbooks, and managing high-severity incidents from triage to resolution. In parallel, you'll mentor Level 1 and 2 analysts, preparing to lead your own team in the future. While EDR remains part of the security stack, your primary emphasis is on leading Incident Response activities leveraging SIEM and SOAR to enhance operational efficiency and threat mitigation. This role requires deep technical expertise, leadership potential, and a proactive approach to evolving threats.
Job Description:
● Oversee daily operations including SIEM/SOAR tuning, alert triage, and coordinated incident response to ensure effective real-time threat monitoring.
● Lead end-to-end security incident response, including analysis, containment, mitigation, and reporting, leveraging SIEM/SOAR insights and cross-team coordination for swift resolution.
● Design and implement detective controls for emerging threats and vulnerabilities.
● Perform proactive threat hunting across multiple platforms and environments.
● Support in designing and maintaining detection rules, response playbooks, and escalation paths aligned with threat intelligence and compliance.
● Continuously enhance SIEM/SOAR/XDR alert use cases and threat detection capabilities.
● Act as a senior liaison with threat intelligence and infrastructure teams to enhance detection and response capabilities.
● Research emerging threats, vulnerabilities, and attack techniques to improve defenses.
● Participate in a 24/7 on-call rotation to support incident response and critical investigations.
● Document incident response activities and produce detailed reports for stakeholders.
● Conduct post-incident reviews to drive improvements in tools, processes, and readiness.
● Collaborate across teams to improve the organization's threat detection and response maturity.
● Maintain detailed incident records, contribute to reporting, and support audit readiness.
● Guide and train junior analysts, promoting best practices and continuous improvement within the SOC.
● Ensure detection and response processes align with regulatory and organizational standards.
● Stay up to date on emerging threats and technologies to continuously evolve SOC capabilities.
● Support comprehensive asset inventory and ownership mapping to ensure full monitoring coverage.