1. Security Incident Response & Investigation

Lead the investigation and remediation of escalated security incidents.
Perform deep forensic analysis on compromised hosts, network traffic, and logs.
Conduct root cause analysis (RCA) and recommend long-term security improvements.
Guide L1 and L2 analysts in incident handling and provide technical expertise.
Ensure effective containment, eradication, and recovery strategies for incidents.

2. Threat Hunting & Threat Intelligence

Proactively hunt for threats using SIEM, EDR, and network monitoring tools.
Analyze logs, network flows, and endpoint behaviors to detect advanced threats.
Integrate Threat Intelligence (TI) feeds into detection and response workflows.
Research and track APT (Advanced Persistent Threat) groups and emerging attack tactics.

3. Security Engineering & SIEM Tuning

Develop and fine-tune security rules, correlation logic, and alerts in SIEM (e.g., Splunk, QRadar, Sentinel).
Improve automation workflows using SOAR (Security Orchestration, Automation, and Response).
Optimize IDS/IPS, firewalls, and endpoint security configurations to enhance protection.
Identify false positives and adjust detection mechanisms accordingly.

4. Digital Forensics & Malware Analysis

Conduct forensic analysis on compromised systems, including memory and disk analysis.
Reverse-engineer malware to understand its behavior and identify Indicators of Compromise (IoCs).
Preserve and analyze digital evidence for legal or compliance investigations.
Develop playbooks and procedures for handling various attack scenarios.

5. Incident Handling & Playbook Development

Create and refine incident response playbooks and workflows.
Ensure alignment with industry best practices (NIST, MITRE ATT&CK, Cyber Kill Chain).
Collaborate with Red Team to validate detections and improve SOC maturity.
Provide hands-on training and mentorship to junior SOC analysts.

6. Compliance & Reporting

Ensure compliance with industry standards (ISO 27001, NIST, PCI-DSS, GDPR).
Generate security reports and brief executive leadership on threats and incidents.
Support security audits, risk assessments, and compliance initiatives.

Key Responsibilities

1. Security Incident Response & Investigation

Lead the investigation and remediation of escalated security incidents.
Perform deep forensic analysis on compromised hosts, network traffic, and logs.
Conduct root cause analysis (RCA) and recommend long-term security improvements.
Guide L1 and L2 analysts in incident handling and provide technical expertise.
Ensure effective containment, eradication, and recovery strategies for incidents.

2. Threat Hunting & Threat Intelligence

Proactively hunt for threats using SIEM, EDR, and network monitoring tools.
Analyze logs, network flows, and endpoint behaviors to detect advanced threats.
Integrate Threat Intelligence (TI) feeds into detection and response workflows.
Research and track APT (Advanced Persistent Threat) groups and emerging attack tactics.

3. Security Engineering & SIEM Tuning

Develop and fine-tune security rules, correlation logic, and alerts in SIEM (e.g., Splunk, QRadar, Sentinel).
Improve automation workflows using SOAR (Security Orchestration, Automation, and Response).
Optimize IDS/IPS, firewalls, and endpoint security configurations to enhance protection.
Identify false positives and adjust detection mechanisms accordingly.

4. Digital Forensics & Malware Analysis

Conduct forensic analysis on compromised systems, including memory and disk analysis.
Reverse-engineer malware to understand its behavior and identify Indicators of Compromise (IoCs).
Preserve and analyze digital evidence for legal or compliance investigations.
Develop playbooks and procedures for handling various attack scenarios.

5. Incident Handling & Playbook Development

Create and refine incident response playbooks and workflows.
Ensure alignment with industry best practices (NIST, MITRE ATT&CK, Cyber Kill Chain).
Collaborate with Red Team to validate detections and improve SOC maturity.
Provide hands-on training and mentorship to junior SOC analysts.

6. Compliance & Reporting

Ensure compliance with industry standards (ISO 27001, NIST, PCI-DSS, GDPR).
Generate security reports and brief executive leadership on threats and incidents.
Support security audits, risk assessments, and compliance initiatives.

Required Skills & Qualifications:

1. Technical Skills:

Strong expertise in SIEM platforms (Splunk, QRadar, Microsoft Sentinel, ArcSight).
Experience with Endpoint Detection & Response (EDR) solutions (CrowdStrike, Carbon Black, Defender ATP).
Proficiency in Threat Intelligence Platforms (TIPs) and MITRE ATT&CK framework.
Hands-on experience with IDS/IPS, Firewalls, Proxy, WAF, and Network Security Monitoring (NSM) tools.
Knowledge of digital forensics & malware analysis using tools like Volatility, Autopsy, or IDA Pro.
Strong understanding of cloud security (Azure, AWS, GCP) and container security (Kubernetes, Docker).
Experience in security automation using Python, PowerShell, or Bash scripting.

2. Soft Skills:

Strong analytical and problem-solving skills.
Excellent communication and documentation skills.
Ability to work independently and handle high-pressure incidents.
Leadership and mentoring skills to support SOC team growth.
GIAC Certified Forensic Analyst (GCFA) or GIAC Reverse Engineering Malware (GREM)
Microsoft SC-200 (Security Operations Analyst Associate)

Qualification & Certification

Any Graduate (IT, Computers, ENTC, Electronics).

Certifications (Preferred but not Mandatory):

EXPERIENCE

5+ years of experience in a SOC, cybersecurity, or threat intelligence role.

Strong background in incident handling, forensics, and SIEM management.

Experience with attack simulation, penetration testing, or red team exercises is a plus.

Security Operations Manager