Art Technology and Software - SOC Lead/Senior Consultant - SIEM/SOAR

Posted on: 10/02/2026

Job Description

Description :

Key Responsibilities :

- Lead deeper security investigations (L2/L3) and advanced triage of escalated alerts across SIEM, EDR, and email security platforms.

- Collaborate with Threat Detection, Incident Response, and Threat Hunting teams to validate and escalate potential threats.

- Oversee quality assurance of security tickets and ensure accurate root cause and kill chain identification.

- Manage the design and optimization of detection rules, threat correlation logic, and playbooks within SIEM/SOAR tools.

- Provide subject matter expertise in high-severity incident response and containment, ensuring coordinated communication with clients and internal stakeholders.

- Conduct and support Purple Team simulations and threat validation exercises to assess detection efficacy.

- Mentor and guide SOC analysts, fostering technical growth and enforcing operational discipline.

- Coordinate with enterprise teams on email and cloud security incidents, leading Proofpoint and Microsoft 365 Defender investigations.

- Define and maintain documentation including incident response procedures, triage guides, and detection playbooks.

- Contribute to automation initiatives to reduce repetitive manual work and improve response efficiency.

Core Skills and Experience :

- 9+ years of cybersecurity operations experience, with at least 3-4 years in SOC L2/L3 or senior incident response roles.

- Hands-on expertise with multiple SIEM platforms (e.g., AWS, Azure, Wazuh, Splunk, Log360, Elastic).

- Proficient with leading EDR tools such as CrowdStrike, Microsoft Defender, SentinelOne, Fortinet.

- Strong working knowledge of Email Security (TAP, DLP, Threat Response, SPF/DKIM/DMARC) tools such as FortiMail, Microsoft Purview, Proofpoint.

- Expertise in attack vectors, MITRE ATT&CK mapping, threat analysis, and incident containment strategies.

- Solid understanding of enterprise infrastructure networks, firewalls, endpoint platforms, OS (Windows/Linux), and web applications.

- Excellent knowledge of cloud security operations across Azure, AWS, and Google Cloud.

- Awareness of major security frameworks : ISO 27001, NIST, CIS, OWASP, and PCI DSS.

- Functional knowledge of SOAR automation and orchestration workflows.

Leadership and Delivery :

- Lead service operations ensuring incident SLAs are consistently met.

- Conduct regular performance reviews and provide knowledge-sharing sessions to elevate SOC maturity.

- Liaise with customers to discuss incident outcomes, mitigations, and improvement recommendations.

- Manage process documentation and enforce consistent global SOC methodologies.

Desired Certifications :

- CEH, GCIA, GCIH, CISSP, or equivalent cybersecurity certifications.

- Vendor-specific credentials (Microsoft, Proofpoint, or SIEM/EDR certifications) preferred.

Additional Attributes :

- Strong analytical, investigative, and documentation skills.

- Excellent communication and presentation abilities.

- Self-driven with ability to manage multiple escalations under pressure.

- Flexible to work in a 24x7 rotational environment if required.