Engineer-Cybersecurity

Area(s) of responsibility

• Continuously monitor SIEM, EDR, IDS/IPS, firewalls, and log sources for suspicious activity.
• Perform initial triage and classification of alerts based on severity, scope, and impact.
• Escalate validated incidents to L2 SOC analysts in line with SOC playbooks and escalation matrix.

• Verify log ingestion and forwarding from SIEM, EDR, IDS/IPS, and other security platforms.
• Identify tool or data gaps and escalate to L2 SOC or security engineering teams.

• Maintain accurate and detailed incident records, triage notes, and escalation details.
• Document recurring false positives and suggest playbook improvements.
• Create and update tickets in the SOC case management system.

• Serve as the first point of contact for customer-reported security incidents.
• Perform preliminary analysis of suspicious emails, URLs, and attachments.
• Follow MSSP and customer-specific SLA-driven escalation workflows.

• Review vulnerability scan reports and escalate high-severity findings to L2/security engineers.
• Experience in Vulnerability management
• Assist in preparing daily/weekly SOC dashboards, reports, and metrics for management and customers.