SOC Operation Engineer

About the job

Key Responsibilities

  • Investigate and respond to complex security alerts across SIEM, EDR, network, endpoint, email, web, WAF, and DLP platforms.

  • Perform in-depth analysis of high-severity incidents to validate true/false positives and determine impact and root cause.

  • Support incident containment, eradication, and recovery activities in collaboration with Incident Response and Security Engineering teams.

  • Conduct proactive threat hunting using threat intelligence, IOCs, and attacker TTPs to identify hidden threats.

  • Monitor and maintain the health, coverage, and effectiveness of security tools, ensuring full log visibility and data integrity.

  • Identify detection gaps, excessive false positives, and under-utilised features; recommend tuning and optimisation improvements.

  • Develop, update, and maintain SOC playbooks, procedures, and operational workflows to improve response efficiency.

  • Produce accurate incident documentation, operational reports, SOC metrics (MTTD, MTTR), and compliance-ready audit evidence.

Requirements

  • 4–7 years of experience in a SOC, Security Operations, or Cyber Defense role.

  • Hands-on experience working with SIEM and EDR platforms in an enterprise environment.

  • Strong understanding of network, endpoint, email, web, WAF, and DLP security controls.

  • Proven experience investigating security incidents such as malware infections, phishing attacks, and insider threats.

  • Familiarity with threat intelligence concepts, frameworks, and attacker methodologies.

  • Knowledge of regulatory and compliance frameworks relevant to banking, such as PCI DSS, ISO 27001, and NIST.

  • Strong analytical, problem-solving, and documentation skills with attention to detail.

  • Ability to collaborate effectively with cross-functional teams and communicate findings clearly to both technical and non-technical stakeholders.