Cyber Security SOC Engineer
This role is responsible for the day-to-day operation of a highly available distributed multi-clustered multi-tenant SIEM, SOAR, EDR deployment.
The successful candidate will support onboarding and maintenance of a wide variety of data sources, including various OS, appliance, and application logs.
They will create queries, dashboards, and visualisations to support customer requirements and troubleshoot and remediate issues as they arise with data ingestion.
This includes tracking and resolving security engineering incidents on a regular basis, collaborating with other teams on resolution, and suggesting areas for improvement.
Responsibilities also include complete life-cycle management with event source system administrator/owners, including coordination and planning for system upgrades, new systems, and maintaining current operational event flows.
The Cyber Security SOC Engineer will take the lead and manage/coordinate relationships, projects, and open issues with vendor support.
Technical design and administration of security controls, services, and architecture (e.g. infrastructure and/or network systems, application security tools and processes, and/or incident response functions) are also key responsibilities.
Maintaining documentation for the solution environment and developing technical documentation as required is another essential task.
The successful candidate will be responsible for configuring enterprise security log sources into the SIEM, EDR, SOAR, and VA solutions.
They will continuously assess the current state of security monitoring and recommend improvements.
Staying up-to-date with the latest threats and technological advancements in the field is crucial for this role.
A minimum of 3-4 years of experience in the information security or IT field, specifically in SIEM deployment, is required.
The ideal candidate will have a strong understanding of SIEM and UEBA, as well as knowledge of scripting languages such as Python and PowerShell.
Working knowledge of machine learning in cybersecurity and cloud technologies is also necessary.
A good understanding of infrastructure, log collection methodologies, and aggregation techniques is essential for success in this role.
Experience integrating endpoint security and host-based intrusion detection solutions is also desirable.
The Cyber Security SOC Engineer should have expertise in TCP/IP network traffic and event log analysis.
A Bachelor's Degree or equivalent is preferred, and fluency in English is required.