Original listing text, shown exactly as published by the company.
What You Will Be Doing
Advanced Threat Response & Escalation
- Serve as the final technical escalation point for complex security incidents escalated from L1/L2 analysts.
- Conduct in-depth forensic analysis of compromised systems, Kubernetes containers, malware, and network traffic to determine the full scope of an incident (root cause, impact, remediation).
- Lead the response to high-severity security incidents, especially those originating in or targeting our cloud infrastructure (AWS, Azure).
- Analyze and correlate data from diverse sources (e.g., SIEM, EDR, CSPM, cloud-native logs) to uncover sophisticated attack patterns.
Security Automation & Orchestration
- Design, build, and maintain automated response playbooks in our SOAR platform to handle high-volume alerts and repetitive tasks.
- Develop and maintain custom AI agents to automate evidence collection, alert enrichment, and containment actions.
- Integrate security tools (EDR, SIEM, Cloud Security tools) via APIs to create seamless, automated workflows.
- Continuously identify and implement new automation opportunities to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).
Proactive Threat Hunting & Cloud Security
- Proactively hunt for undetected threats across our enterprise and cloud environments using hypothesis-driven and intelligence-driven methods.
- Act as a Subject Matter Expert (SME) for cloud security monitoring, utilizing native tools like AWS GuardDuty, CloudTrail, CrowdStrike, Proofpoint, etc.
- Develop and tune advanced detection rules, SIEM correlation searches, and EDR queries based on new threat intelligence, hunting findings, and MITRE ATT&CK tactics.
Mentorship & Continuous Improvement
- Mentor and provide technical guidance to L1 and L2 analysts, helping to build their analytical and technical skills.
- Create and refine SOC documentation, including standard operating procedures (SOPs), runbooks, and incident response plans.
- Analyze incident trends and automation metrics to provide recommendations for improving security posture, detection logic, and playbook effectiveness.
What You Bring
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- 6-10 years of experience in a Security Operations (SOC) environment, with at least 4 years in a senior analyst, threat hunter, or L2/L3 role.
- Strong Cloud Security Skills: Deep, hands-on experience with security monitoring and incident response in at least one major cloud provider (AWS, Azure, or GCP).
- Strong Automation & AI Skills: Proven ability to write scripts for automation with an ability to implement AI based automations for SOC use cases.
- Technical Expertise: Hands-on experience with SOAR platforms (e.g., CrowdStrike Fusion, Splunk SOAR) and SIEMs (e.g., Splunk, QRadar, CrowdStrike Falcon).
- Deep understanding of modern EDR solutions, container security, and host/system.
- Expert-level knowledge of the MITRE ATT&CK framework and its application to threat hunting and detection engineering.