Original listing text, shown exactly as published by the company.
What You Will Be Doing
Incident Triage & Investigation
- Serve as the primary escalation point for alerts triaged by L1 analysts.
- Conduct detailed analysis of security alerts from a wide range of sources (SIEM, EDR, CSPM, Cloud-native tools) to validate threats and determine their scope.
- Investigate security incidents in our enterprise and cloud environments (AWS, Azure, GCP), correlating data to build a complete picture of attacker activity.
- Perform deep-dive analysis of logs, Kubernetes containers, and endpoint data to identify indicators of compromise (IOCs).
Incident Response & Automation
- Execute and tune automated response playbooks using our SOAR platform for common security incidents.
- Perform timely incident response actions, such as isolating compromised hosts, blocking malicious IPs/domains, and disabling compromised accounts.
- Utilize and modify existing scripts (primarily Python) to assist with automated evidence collection and enrichment.
- Document all investigation steps, findings, and containment actions in our incident management system.
Threat Hunting & Cloud Monitoring
- Participate in hypothesis-based threat hunting campaigns driven by new threat intelligence or hypotheses developed by senior analysts.
- Actively monitor and analyze security logs from cloud-native tools (e.g., AWS GuardDuty, CloudTrail, Cloudflare, Azure, etc.) and Kubernetes containers.
- Assist in tuning detection rules and identifying false positives to help improve the fidelity of our security alerts.
Continuous Improvement & Collaboration
- Escalate complex, high-severity, or unresolved incidents to L3 Analysts and the Incident Response team with detailed handover notes.
- Contribute to the refinement of SOC documentation, including Standard Operating Procedures (SOPs) and investigation runbooks.
- Provide guidance and mentorship to L1 analysts on triage techniques and alert analysis.
What You Bring
- Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
- Willingness and ability to work in a 24/7 rotational shift environment (morning, afternoon, and night).
- 4-6 years of experience in a Security Operations (SOC) environment, with demonstrated L2 capabilities.
- Cloud & Container Security Experience: Hands-on experience monitoring and responding to alerts in at least one major cloud provider (AWS, Azure, or GCP); fundamental knowledge of container security.
- Technical Expertise: Strong, hands-on experience with SIEM (e.g., CrowdStrike, Splunk, QRadar, Azure Sentinel) and EDR (e.g., CrowdStrike, SentinelOne) platforms.
- AI/Automation Familiarity: Experience using a SOAR platform and familiarity with AI tools and their practical implementation.
- Strong working knowledge of the MITRE ATT&CK framework and its application to incident analysis.