Job Description

Security Operation Center (SOC) Engineer / Senior/Staff Engineer

Position Purpose & Summary:

The job purpose of a Security Operations Center (SOC) Engineer is centered around monitoring, analyzing, and responding to security incidents within an organization’s IT infrastructure. SOC Engineers play a crucial role in maintaining the security posture of an organization by actively monitoring for security threats, investigating incidents, and implementing measures to prevent and mitigate security risks.

The overarching goal of a SOC Engineer is to contribute to the overall cybersecurity strategy, protect organizational assets, and respond effectively to security incidents to minimize potential risks and impact.

The role requires a combination of technical expertise, analytical skills, and a proactive approach to cybersecurity.

Primary Duties & Responsibilities:

Security Monitoring:
Continuously monitor security alerts and events generated by security tools, network devices, and applications.

Incident Detection:
Detect and identify security incidents, including unauthorized access, malware infections, and other suspicious activities.

Incident Analysis:
Conduct in-depth analysis of security incidents to determine the root cause, scope, and potential impact on the organization.

Incident Response:
Respond promptly to security incidents by following established incident response procedures, containing the incident, and implementing remediation measures.

Security Information and Event Management (SIEM):
Utilize SIEM tools to aggregate, correlate, and analyse security event data from various sources.

Threat Intelligence Integration:
Integrate threat intelligence feeds to enhance the understanding of current cyber threats and improve proactive threat detection.

Vulnerability Management:
Participate in vulnerability management processes, including scanning, assessment, and remediation of security vulnerabilities.

Log Analysis:
Analyse logs and security events to identify patterns, anomalies, and indicators of compromise (IoCs).

Security Tool Management:
Manage and configure security tools such as intrusion detection systems (IDS), firewalls, antivirus solutions, and other security-related technologies.

Collaboration with IT Teams:
Collaborate with IT teams to implement security measures, review configurations, and ensure the security of network infrastructure and systems.

Academic Qualification:

  • Degree in Computer Science, Information Security, Cybersecurity, or a related field.
  • Some positions may accept equivalent work experience or certifications.

Professional Qualification and/or Regulatory, Licensing requirements:

  • Relevant certifications may be preferred, such as:
    – CompTIA Security+
    – Certified Information Systems Security Professional (CISSP)
    – Certified Information Security Manager (CISM)
    – GIAC certifications

Technical Skills

Telecommunications Knowledge:
Understanding of telecommunications principles, services, and technologies.

Network Protocols:
Knowledge of network protocols such as TCP/IP, DNS, DHCP, and others.

Network Devices Configuration:
Proficiency in configuring and managing network devices, including routers, switches, and firewalls.

Automated Provisioning Systems:
Familiarity with automated provisioning systems and tools to streamline service activation processes.

Quality Assurance Testing:
Ability to conduct quality assurance testing for provisioned services to ensure they meet specified standards.

Compliance and Security:
Awareness of compliance requirements and security standards related to provisioning activities.

Network Testing and Validation:
Experience in testing and validating provisioned services to ensure correct functionality.

Collaboration Tools:
Familiarity with collaboration tools to work effectively with cross-functional teams.

Customer Communication:
Effective communication skills to interact with customers, provide updates, and address inquiries or concerns.

Capacity Planning:
Knowledge of capacity planning principles to allocate network resources efficiently.

Process Optimization:
Ability to identify and implement improvements in service activation processes.

Communication skills – Clear and concise communication with team members, customers, and other stakeholders, both verbally and in writing.

Team Collaboration – Ability to work collaboratively within a team and across different departments, fostering a positive and efficient work environment.

Attention to Detail – Keen attention to detail in configuration, documentation, and quality assurance checks to ensure accuracy.

Collaboration with Sales and Support Teams – Effective collaboration and communication with sales teams to understand customer requirements and with support teams to address technical challenges.

Flexibility – Willingness to adapt to evolving technologies and be open to learning new skills as needed.

Experience:

Hands-on experience with SIEM tools for aggregating, correlating, and analyzing security event data from multiple sources.

Practical experience in analyzing logs and security events to identify patterns, anomalies, and indicators of compromise (IoCs).

Experience in configuring and managing security tools such as firewalls, antivirus solutions, and endpoint detection and response (EDR) systems.

Familiarity with cloud security principles and experience securing cloud environments (e.g., AWS, Azure).

Participation in initiatives aimed at improving SOC processes, efficiency, and overall security controls.

Collaboration experience with IT teams to implement security measures, review configurations, and ensure the security of network infrastructure and systems.

Experience in generating and presenting security reports to management, summarizing security incidents and trends.

Familiarity with the setup, configuration, and monitoring of IDS/IPS technologies to identify and prevent security threats.

Previous experience in security monitoring and incident response roles, including the detection, analysis, and resolution of security incidents.

If you are keen to explore this opportunity, send us your resume at recruit@mimos.my