Posted on: 18/07/2025
Responsibilities :
- Responsible for security monitoring and log analysis across multi-vendor security solutions.
- Continuously assess and recommend the implementation of cutting-edge technologies relevant to cyber defense models to meet our customers' evolving needs.
- Analyze security alerts to identify potential incidents, such as malware infections, unauthorized access, or data breaches.
- Formulate and implement monitoring policies, procedures, and standards relating to SecOps and the security domains (network security, data security, cloud security, zero trust, etc.).
- Automate response to security incidents (malware infections, unauthorized access, malicious emails, DDoS attacks, etc.), and evaluate the type, nature, and severity of security events (security assurance/security compliance) using a range of security event analysis tools.
- Threat hunting: analyze security system logs, security tools, and available data sources on a day-to-day basis.
- Enhance SOC service capabilities and offerings across key security domains and solution areas.
- Malware reverse engineering, including code or behavior analysis for endpoints and the network.
- Work with data security controls including malware protection, firewalls, intrusion detection systems, content filtering, Internet proxies, encryption controls, and log management solutions.
- Evaluate the internal and external environment for threats and for changes related to information security, and act as the information security subject matter expert to ensure these are properly addressed and controlled.
- Conduct detailed forensic analyses to identify the root cause, scope, and impact of security incidents, including malware analysis and artifact collection.
- Develop and implement incident response plans, playbooks, and procedures to ensure effective threat containment, eradication, and recovery.
- Document incidents thoroughly and prepare actionable reports for technical and non-technical stakeholders, including management and, if necessary, law enforcement.
- Collaborate with threat intelligence teams to enhance threat detection capabilities.
- Solid experience in incident response and data protection incidents.
- Analyze cloud platform logs (CloudTrail, audit logs, etc.) to identify patterns and anomalies indicative of security threats or unauthorized access.
- Develop, implement, and maintain detection rules based on cloud platform logs to identify specific activities and events within the cloud environment.
- Create and optimize alerts and notifications for security incidents identified through log analysis.
- Perform adversary emulation activities to identify detection gaps in the environment.
- Understanding of DevOps and CI/CD pipelines in cloud environments.
- Collaborate with security teams to refine detection rules based on the latest threat intelligence.
- Work closely with teams to discover new detection capabilities.
- Integrate cloud platform log data with SIEM systems for centralized monitoring and correlation with other security events.
- Familiarity with field extractions and regex, and knowledge of SIEM infrastructure issues, will be an added advantage.
- Document detection rules, processes, and methodologies for cloud platform log analysis.
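As an added worked example of the cloud detection work listed above (example code, not part of this posting and not the employer's code): a Python pass that applies a few CloudTrail detection rules to constructed sample records, extracts the account and principal from the ARN with a regex (the field extraction a SIEM would do), tags each rule with the ATT&CK technique it maps to, and correlates two weak signals from the same principal into one high-confidence alert. The sample events, rule names, severity levels, and the technique mapping are this example's own choices.

```python
# Added example (not the posting's or any employer's code): a minimal
# CloudTrail detection pass. SAMPLE_EVENTS are constructed records, the
# rule names are this example's own, and the ATT&CK technique IDs are
# the mapping the author of this example chose.
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Any, Dict, List, Optional, Tuple

# Constructed CloudTrail records, trimmed to the fields the rules read.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"eventTime": "2025-07-18T09:12:01Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2025-07-18T09:15:44Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2025-07-18T09:20:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "10.0.0.5",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/app-role/i-0abc"}},
    {"eventTime": "2025-07-18T10:01:10Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
]

# Field extraction the way a SIEM would do it: a regex over the ARN yields
# the account id and the principal path, which become alert fields.
ARN_RE = re.compile(r"^arn:aws:(?:iam|sts)::(?P<account>\d{12}):(?P<principal>\S+)$")

def extract_principal(arn: Optional[str]) -> Optional[Tuple[str, str]]:
    m = ARN_RE.match(arn or "")
    return (m.group("account"), m.group("principal")) if m else None

def _get(event: Dict[str, Any], *path: str) -> Any:
    """Nested lookup that returns None instead of raising on a missing key."""
    cur: Any = event
    for key in path:
        if not isinstance(cur, dict):
            return None
        cur = cur.get(key)
    return cur

# CloudTrail management APIs whose use can blind the SOC.
TRAIL_TAMPER_APIS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

# (rule name, ATT&CK technique, severity, predicate over one event)
RULES = [
    ("console_login_without_mfa", "T1078.004", "medium",
     lambda e: e.get("eventName") == "ConsoleLogin"
     and _get(e, "responseElements", "ConsoleLogin") == "Success"
     and _get(e, "additionalEventData", "MFAUsed") == "No"),
    ("cloudtrail_logging_tampered", "T1562.008", "high",
     lambda e: e.get("eventSource") == "cloudtrail.amazonaws.com"
     and e.get("eventName") in TRAIL_TAMPER_APIS),
    ("root_account_activity", "T1078.004", "high",
     lambda e: _get(e, "userIdentity", "type") == "Root"),
]

def _ts(event: Dict[str, Any]) -> datetime:
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def detect(events: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Run every rule over every event; one alert per (event, matching rule)."""
    alerts = []
    for e in events:
        ident = extract_principal(_get(e, "userIdentity", "arn")) or ("unknown", "unknown")
        for name, technique, severity, pred in RULES:
            if pred(e):
                alerts.append({"rule": name, "technique": technique, "severity": severity,
                               "time": _ts(e), "account": ident[0], "principal": ident[1],
                               "source_ip": e.get("sourceIPAddress"), "event": e["eventName"]})
    return alerts

def correlate(alerts: List[Dict[str, Any]],
              window: timedelta = timedelta(minutes=30)) -> List[Dict[str, Any]]:
    """Escalate when one principal logs in without MFA and then tampers with
    logging inside the window: each alert alone is noise-prone, together they
    are a strong signal."""
    by_principal: Dict[str, List[Dict[str, Any]]] = defaultdict(list)
    for a in alerts:
        by_principal[a["principal"]].append(a)
    out = []
    for principal, items in by_principal.items():
        logins = [a for a in items if a["rule"] == "console_login_without_mfa"]
        tampers = [a for a in items if a["rule"] == "cloudtrail_logging_tampered"]
        for login in logins:
            for t in tampers:
                if timedelta(0) <= t["time"] - login["time"] <= window:
                    out.append({"rule": "no_mfa_login_then_log_tampering", "technique": "T1562.008",
                                "severity": "critical", "principal": principal,
                                "account": login["account"], "time": t["time"],
                                "source_ip": t["source_ip"], "event": t["event"]})
    return out

if __name__ == "__main__":
    base = detect(SAMPLE_EVENTS)
    for a in base + correlate(base):
        print(f'{a["time"]:%H:%M:%S} {a["severity"]:8} {a["rule"]:32} {a["principal"]} {a["technique"]}')
```

In a SIEM the three predicates become saved searches or correlation rules and the regex becomes a field extraction on `userIdentity.arn`; the point of the `correlate` step is that a console login without MFA is common enough to be tuned down on its own, while the same principal calling `StopLogging` minutes later is the pattern worth paging on. `UpdateTrail` and `PutEventSelectors` are in the tamper set because they can silently narrow what is logged, but they are also used by legitimate administration, so expect to whitelist known change windows or automation roles.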
Requirements :
- Intermediate knowledge of security operations, incident analysis, incident handling, vulnerability management or testing, system patching, log analysis, intrusion detection, developing and implementing custom detection rules, and use cases to identify and respond to potential security threats.
- Knowledge of threat intelligence sources and indicators of compromise (IOCs).
- Ability to investigate compromised systems, analyze malware, and collect intrusion artifacts (e.g., source code, trojans) to determine the scope and origin of an attack.
- Familiarity with forensic tools like Forensic Toolkit (FTK), Wireshark, or Elastic Stack is critical.
- Advanced problem-solving skills, ability to develop effective long-term solutions to complex problems.
- Knowledge and implementation of MITRE ATT&CK to map use cases across the initial points of exposure, alert mapping, and incident reporting.
Posted By
Aishwarya Roy
Sr Talent Acquisition Associate at SMARTSHIFT LOGISTICS SOLUTIONS PRIVATE LIMITED
Last Active: 25 Aug 2025
Posted in
CyberSecurity
Functional Area
IT Security
Job Code
1515622