Department: Information Security / IT
Location: [On-site]
Reports To: SOC Manager / CISO
Job Summary
We are seeking an experienced Senior SOC Analyst with 5+ years of hands-on experience in Security Operations Centers (SOC) to monitor, detect, analyze, and respond to cybersecurity threats. The ideal candidate will have deep expertise in web technologies, cloud infrastructure, SaaS applications, databases, and servers, with a strong focus on threat hunting, incident response, and security automation.
Key Responsibilities
1. Threat Monitoring & Incident Response
- Perform real-time monitoring of security events using SIEM (Splunk, Sentinel, QRadar, Wazuh etc.), EDR (CrowdStrike, Carbon Black, Sequrite, NPAV), and IDS/IPS.
- Investigate and respond to web-based attacks (SQLi, XSS, DDoS), cloud security incidents (misconfigurations, unauthorized access), and SaaS application threats.
- Lead incident response activities, including containment, eradication, and recovery.
2. Security Analysis & Threat Hunting
- Conduct log analysis across web servers (Apache, Nginx), cloud platforms (AWS, Azure, GCP), and databases (SQL, NoSQL).
- Proactively hunt for threats in enterprise networks (Firewall, Wi-fi), cloud environments, and SaaS applications.
- Analyze malware, phishing campaigns, and API-based attacks targeting web apps.
3. Cloud & Web Security
- Monitor and secure cloud infrastructure (IaaS/PaaS) and SaaS applications (O365, Google Workspace Salesforce, etc.).
- Assess vulnerabilities in web applications (WAF, OWASP Top 10) and recommend mitigations.
- Review server and database security (Linux/Windows, MySQL, MSSQL, MongoDB).
4. Automation & Tooling
- Develop SIEM correlation rules and automate SOC workflows (SOAR platforms like Phantom, Demisto).
- Optimize cloud security tools (AWS GuardDuty, Azure Sentinel, GCP Chronicle).
5. Compliance & Reporting
- Ensure adherence to NIST, ISO 27001, SOC 2, GDPR, PCI-DSS.
- Document incidents, create threat intelligence reports, and present findings to leadership.
Core Competencies & Technical Skills
Web Technologies:
- Web application security (OWASP Top 10, Burp Suite, ZAP)
- CDN/WAF (Cloudflare, Akamai) & API security
Cloud Infrastructure:
- AWS/Azure/GCP security tools (GuardDuty, Security Hub, CSPM)
- Container security (Docker, Kubernetes)
SaaS & Applications:
- SaaS security posture management (SSPM)
- Email security (Proofpoint, Mimecast)
Databases & Servers:
- Database security (SQL injection prevention, encryption)
- OS hardening (Linux/Windows servers)
Other:
- SIEM ( Splunk, Sentinel), EDR (CrowdStrike), SOAR
- Scripting (Python, PowerShell) for automation
Qualifications & Experience
- 5+ years in a SOC, IR, or cybersecurity analyst role.
- Desired Certifications: CySA+, CISSP, CEH, AWS/Azure Security, GCIA.
- Hands-on experience with SIEM, EDR, cloud security tools.
- Knowledge of MITRE ATT&CK, NIST CSF, and threat intelligence.