SOC Engineer (SC Cleared)

Strong understanding of:

  • TCP/IP, DNS, HTTP/S, and other network protocols.
  • Operating systems (Windows, Linux).
  • Security frameworks (MITRE ATT&CK, NIST, ISO 27001).
  • SIEM tools (e.g., Splunk, QRadar, Sentinel).
  • EDR solutions (e.g., CrowdStrike, Carbon Black).
  • Firewalls, proxies, and IDS/IPS systems.
  • Scripting skills (Python, PowerShell, Bash) are a plus.
  • Relevant certifications (e.g., CompTIA Security+, CEH, GCIA, GCIH, CISSP) are desirable.

Potential previous experience:

  • Monitor security alerts and events from SIEM (Security Information and Event Management) systems.
  • Analyse logs and network traffic to identify anomalies and potential threats.
  • Investigate and triage security incidents, escalating as necessary.
  • Respond to security incidents in real time, following established playbooks.
  • Conduct root cause analysis and document findings.
  • Support containment, eradication, and recovery efforts.
  • Leverage threat intelligence feeds to identify emerging threats.
  • Perform proactive threat hunting to detect hidden threats in the environment.
  • Maintain and tune SOC tools such as SIEM, EDR (Endpoint Detection and Response), IDS/IPS, and SOAR platforms.
  • Develop scripts and automation to improve detection and response efficiency.
  • Create incident reports, dashboards, and metrics for stakeholders.
  • Maintain accurate documentation of incidents, investigations, and response actions.

Job Details

Company: Stealth IT Consulting
Location: United Kingdom
Employment Type: Contract
Salary: GBP 400 Daily
Posted