Job Description: Senior Cyber Security Engineer
Job Title
Senior Cyber Security Engineer – SOC, Threat Detection & Cloud Security
Location
Mumbai / Nashik
Department
Information Security
Job Type
Full-time
Work Model
Office / Hybrid as per company policy
Position Overview
We are seeking a highly skilled and hands-on Senior Cyber Security Engineer to strengthen the organization’s security posture across endpoints, networks, cloud environments, identities, applications, and critical infrastructure.
The role will be responsible for EDR management, SIEM/SOAR use-case development, threat intelligence, vulnerability management, cloud security, incident response, threat hunting, security monitoring, and compliance support. The candidate should be capable of handling security incidents end-to-end, improving detection capabilities, reducing false positives, mentoring junior analysts, and working closely with IT, infrastructure, cloud, application, and compliance teams.
This is a senior operational and engineering role. The candidate must be comfortable working in a dynamic security environment where critical incidents may require rotational shift support, on-call availability, weekend support, or late-night emergency response, depending on business and security requirements.
Key Responsibilities
1. Endpoint Detection and Response
- Lead the deployment, administration, monitoring, and optimization of EDR platforms such as CrowdStrike, SentinelOne, Microsoft Defender, Tanium, Cisco AMP, or similar tools.
- Investigate endpoint alerts involving malware, ransomware, suspicious PowerShell, lateral movement, privilege escalation, credential theft, and unauthorized access.
- Perform endpoint containment, isolation, quarantine, and remediation activities based on incident severity.
- Tune EDR policies and detections to reduce false positives and improve detection accuracy.
- Build and maintain endpoint investigation playbooks and response procedures.
2. SIEM, SOAR and Detection Engineering
- Develop, tune, and maintain SIEM correlation rules, alerts, dashboards, and reports.
- Work with platforms such as Wazuh, Splunk, Microsoft Sentinel, Securonix, QRadar, or similar SIEM tools.
- Onboard and validate log sources from endpoints, firewalls, cloud platforms, identity systems, servers, applications, and network devices.
- Create and improve detection use cases mapped to frameworks such as MITRE ATT&CK.
- Build and maintain SOAR playbooks for automation of repetitive SOC tasks, alert enrichment, phishing response, IOC blocking, and incident workflows.
- Continuously reduce false positives and improve alert quality.
3. Threat Intelligence and Threat Hunting
- Build and manage a practical threat intelligence program using internal and external intelligence sources.
- Convert threat intelligence into actionable detections, watchlists, IOCs, SIEM rules, EDR queries, and hunting activities.
- Conduct proactive threat hunting across endpoints, network logs, identity logs, cloud logs, and email security platforms.
- Track threat actor TTPs, malware campaigns, phishing campaigns, ransomware trends, and industry-specific threats.
- Maintain threat intelligence reports and share relevant insights with internal stakeholders.
4. Incident Response and Forensics
- Lead investigation and response for security incidents across endpoint, network, cloud, identity, email, and application environments.
- Act as incident lead / incident commander for high-severity incidents.
- Perform triage, containment, eradication, recovery, RCA, and post-incident review.
- Preserve evidence, collect forensic artifacts, and maintain proper incident documentation.
- Prepare incident reports including timeline, impact, root cause, corrective actions, and preventive controls.
- Coordinate with IT, infrastructure, cloud, application, legal, compliance, and management teams during major incidents.
- Maintain and periodically test incident response playbooks for malware, ransomware, phishing, account compromise, data leakage, cloud compromise, and insider threats.
5. Network Security
- Design, implement, monitor, and improve network security controls including firewalls, IDS/IPS, WAF, VPN, proxy, DNS security, and DDoS protection.
- Investigate suspicious network activity such as port scanning, command-and-control traffic, data exfiltration, unusual outbound traffic, DNS tunneling, brute-force attempts, and lateral movement.
- Review firewall and network security rules for risk, redundancy, and compliance.
- Work with network teams to strengthen segmentation, secure remote access, and reduce attack surface.
- Support security monitoring for both north-south and east-west traffic.
6. Cloud Security
- Oversee security controls across AWS, Azure, and Google Cloud Platform.
- Monitor and secure cloud workloads, IAM, storage, network security groups, cloud firewalls, logging, key management, and cloud-native security tools.
- Review and remediate cloud misconfigurations such as public storage, excessive privileges, exposed secrets, insecure security groups, and weak logging.
- Work with tools such as AWS GuardDuty, AWS Security Hub, Azure Defender for Cloud, Microsoft Entra ID, GCP Security Command Center, CSPM tools, or similar platforms.
- Investigate cloud security incidents including leaked access keys, suspicious API calls, risky sign-ins, privilege abuse, and exposed assets.
- Support secure cloud deployment practices and coordinate with DevOps / cloud engineering teams.
7. Vulnerability Management
- Lead vulnerability management lifecycle including scanning, validation, prioritization, remediation tracking, exception handling, and reporting.
- Work with tools such as Qualys, Nessus, Rapid7, Tenable, or similar platforms.
- Prioritize vulnerabilities based on CVSS, asset criticality, exploitability, internet exposure, business impact, and regulatory requirements.
- Track remediation SLAs and coordinate with infrastructure, application, and business teams for closure.
- Support patch governance and compensating control recommendations.
- Prepare vulnerability dashboards and aging reports for management review.
8. Identity and Access Security
- Monitor and strengthen identity security controls including MFA, privileged access, conditional access, risky login detection, and account compromise monitoring.
- Investigate impossible travel, brute-force login attempts, privilege escalation, suspicious account creation, and abnormal access patterns.
- Support periodic access reviews and privileged access governance.
- Work with IAM, PAM, Active Directory, Microsoft Entra ID / Azure AD, and related identity systems.
9. Email Security and Phishing Response
- Monitor and manage email security platforms such as Proofpoint, Cofense, Microsoft Defender for Office 365, Mimecast, or similar tools.
- Investigate phishing, spear phishing, BEC, malware attachments, credential harvesting, spoofing, and suspicious email campaigns.
- Analyze email headers, URLs, attachments, sender reputation, SPF, DKIM, and DMARC alignment.
- Coordinate takedown/blocking of malicious domains, URLs, senders, and attachments.
- Conduct enterprise-wide search and cleanup for malicious emails.
10. DevSecOps and Application Security Support
- Support secure software delivery by working with engineering and DevOps teams.
- Assist in implementing SAST, DAST, SCA, secret scanning, container image scanning, and CI/CD security gates.
- Review application and infrastructure vulnerabilities and recommend remediation actions.
- Support secure coding awareness, dependency risk management, and application security governance.
11. Security Audits, Compliance and Governance
- Support internal and external audits related to security controls, SOC operations, vulnerability management, incident response, and compliance.
- Work with frameworks and standards such as ISO 27001, NIST Cybersecurity Framework, CIS Controls, PCI-DSS, SOC 2, and other applicable regulations.
- Maintain evidence, reports, SOPs, runbooks, risk registers, exception records, and audit closure documents.
- Help define and track security KPIs including MTTD, MTTR, SLA adherence, vulnerability aging, false-positive rate, detection coverage, incident recurrence, and audit closure rate.
12. Team Collaboration and Mentoring
- Mentor junior security analysts and engineers.
- Review investigation quality and provide guidance on incident handling, RCA, threat analysis, and documentation.
- Conduct security awareness sessions and technical knowledge-sharing sessions.
- Work closely with IT, infrastructure, cloud, application, DevOps, compliance, and business teams.
- Participate in shift handovers, incident reviews, governance meetings, and security improvement initiatives.
Required Qualifications
- Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Information Technology, or related field.
- Minimum 5–7 years of hands-on experience in cybersecurity, SOC operations, incident response, threat detection, security engineering, or related areas.
- Strong experience in at least four of the following areas:
o EDR / endpoint security
o SIEM / SOAR
o Threat intelligence
o Incident response
o Network security
o Cloud security
o Vulnerability management
o Email security
o Identity security
- Hands-on experience with security tools such as CrowdStrike, SentinelOne, Microsoft Defender, Tanium, Splunk, Microsoft Sentinel, Securonix, QRadar, Qualys, Nessus, Proofpoint, Cofense, Cisco Sourcefire, or similar platforms.
- Strong understanding of Windows, Linux, Active Directory, networking fundamentals, cloud platforms, logs, malware behavior, phishing attacks, and attacker TTPs.
- Experience in creating or improving security playbooks, SOPs, dashboards, detection rules, and incident reports.
- Familiarity with security frameworks such as MITRE ATT&CK, NIST, ISO 27001, CIS Controls, and PCI-DSS.
- Strong analytical, troubleshooting, documentation, and stakeholder communication skills.
- Willingness to work in rotational shifts and provide on-call / emergency support during critical incidents, as required.
Preferred Qualifications
- Certifications such as CISSP, CISM, CEH, CompTIA Security+, CySA+, GCIH, GCIA, CCSP, AWS Security Specialty, Azure Security Engineer, or equivalent.
- Experience with cloud-native security tools across AWS, Azure, or GCP.
- Experience with DevSecOps, application security, container security, Kubernetes security, SAST, DAST, SCA, and secret scanning.
- Experience in ransomware response, tabletop exercises, breach simulation, or purple-team activities.
- Experience with security automation using SOAR, Python, PowerShell, APIs, or scripting.
- Experience working in financial services, banking, analytics, SaaS, or regulated environments.
- Exposure to audit evidence preparation, client security reviews, and regulatory compliance reporting.
Required Behavioral Competencies
- Strong ownership mindset during security incidents.
- Ability to remain calm and structured during high-pressure situations.
- Strong communication with technical and non-technical stakeholders.
- Practical problem-solving approach rather than only theoretical knowledge.
- Ability to mentor junior team members and improve team capability.
- High integrity, confidentiality, and sense of responsibility.
- Willingness to continuously learn and stay updated on new threats, tools, and attack techniques.
Key Performance Indicators
The role will be measured on:
- Mean Time to Detect security incidents.
- Mean Time to Respond and contain incidents.
- Reduction in false-positive alerts.
- Improvement in detection coverage.
- Timely vulnerability remediation and reduction in vulnerability aging.
- Quality of RCA and incident documentation.
- Closure of audit and compliance findings.
- Effectiveness of SIEM / SOAR use cases and playbooks.
- Security tool health, coverage, and optimization.
- Improvement in SOC process maturity and analyst capability.
Role Summary
This role is suitable for a candidate who is not only experienced in SOC monitoring but also capable of hands-on security engineering, detection improvement, incident leadership, cloud security monitoring, vulnerability governance, and cross-functional coordination.
The ideal candidate should be able to move beyond alert handling and contribute to building a stronger, measurable, and continuously improving cybersecurity function.