Profile Summary:
As a Level 3 Cyber Defense Operations Center (CDOC) Specialist, you will lead advanced security operations with a focus on SIEM and SOAR technologies, driving detection engineering, automated response, and complex incident handling. You’ll be responsible for optimizing detection rules, developing playbooks, and managing high-severity incidents from triage to resolution. In parallel, you’ll mentor Level 1 and 2 analysts, preparing to lead your own team in the future. While EDR remains part of the security stack, your primary emphasis is on leading Incident Response activities leveraging SIEM and SOAR to enhance operational efficiency and threat mitigation. This role requires deep technical expertise, leadership potential, and a proactive approach to evolving threats.
Job Description:
● Oversee daily operations including SIEM/SOAR tuning, alert triage, and coordinated incident response to ensure effective real-time threat monitoring.
● Lead end-to-end security incident response, including analysis, containment, mitigation, and reporting, leveraging SIEM/SOAR insights and cross-team coordination for swift resolution.
● Design and implement detective controls for emerging threats and vulnerabilities.
● Perform proactive threat hunting across multiple platforms and environments.
● Support in designing and maintaining detection rules, response playbooks, and escalation paths aligned with threat intelligence and compliance.
● Continuously enhance SIEM/SOAR/XDR alert use cases and threat detection capabilities.
● Act as a senior liaison with threat intelligence and infrastructure teams to enhance detection and response capabilities.
● Research emerging threats, vulnerabilities, and attack techniques to improve defenses.
● Participate in a 24/7 on-call rotation to support incident response and critical investigations.
● Document incident response activities and produce detailed reports for stakeholders.
● Conduct post-incident reviews to drive improvements in tools, processes, and readiness.
● Collaborate across teams to improve the organization’s threat detection and response maturity.
● Maintain detailed incident records, contribute to reporting, and support audit readiness.
● Guide and train junior analysts, promoting best practices and continuous improvement within the SOC.
● Ensure detection and response processes align with regulatory and organizational standards.
● Stay up to date on emerging threats and technologies to continuously evolve SOC capabilities.
● Support comprehensive asset inventory and ownership mapping to ensure full monitoring coverage.