This role is 100% remote, but the candidate must be physically located in Latin America. Applications from other locations will not be accepted. Written and oral English fluency are required. The person in this position will support the client's Security Operations Team, providing high-quality services and performing daily duties of monitoring, detecting, analyzing, and performing incident response to cyber threats against the client's applications, platforms, networks, and information. The Senior SOC Engineer will be a technical SME working to drive forward SOC, SIEM, and Security IR capabilities, tooling, and processes as per the Duties described below. The environment includes local area networks/wide area networks (LAN/WAN), Internet connections, public-facing services & websites, wireless, mobile/cellular, cloud-based applications and services (IaaS, PaaS, SaaS), security devices, servers, end-user workstations, and laptops, production, manufacturing, and various other 3rd party connections & services. Key Responsibilities - Analyzing & reviewing escalated cases until closure. This includes investigations & recommending appropriate corrective actions for cyber security incidents. - Leading efforts in monitoring, reporting, and responding to major information security incidents. - Create & deploy Use Cases for SIEM. Periodically fine-tune the use cases as per business requirements. - Must have proven hands-on experience in security technologies such as SIEM, SOAR, EDR, and DLP. - Scripting knowledge (Python, PowerShell, or Perl) would be an added advantage. - Create ad hoc reports & dashboards from SIEM as per requirements. - Troubleshooting logs sources and log parsing issues. - Management, administration, upgrades & maintenance of clients security operations devices. - Responsible for integrating and onboarding standard and non-standard log sources in SIEM. - Understanding of various attack methods and mitigation techniques for on-premises and multi-cloud environments. - Root cause analysis preparation for major incidents. - Drive the outcomes of lessons learned to improve the organization's security posture. - Act as a point of escalation for L1 & L2 SOC personnel in support of Security Incident Response investigations. - Assess, identify, and create policies to automate incident response. - Coach and mentor junior analysts. Key Requirements/Minimum Requirements - Bachelor of Science from an accredited institution. - The ability to fluently read, write, understand, and communicate in English. - Strong knowledge of best practices in incident management, problem management, and change management. - Superior communication skills and ability to brief senior government officials. - 5+ years of Information Security / Cybersecurity experience. DESIRED SKILLS AND CERTIFICATIONS - 7+ years total working in IT (experience can be various IT roles across infrastructure, network, security, application dev/ops). - 5 years of experience working in cybersecurity - 3 years of hands-on work experience with Microsoft Sentinel. - Working knowledge of onboarding log sources, log ingest methods, fine-tuning use cases, creating new use cases, and automating playbooks in Sentinel. - Hands-on experience with using, configuring, and troubleshooting Microsoft Defender. - Experience with handling cybersecurity incidents. - Experience with ransomware attacks. - Experience in networking and telecommunications, integration, design, and architecture. - Strong OS knowledge of Windows and Linux, including networking and security. - Hold preferably two but at minimum one relevant industry certification (GCIH, GCED, CISSP, CEH, GMON, etc.) - Understanding of SIEM tools such as Splunk, FireEye Helix, ArcSight, Microsoft Sentinel, McAfee Nitro, etc. - Experience with Active Directory, IAM, and PAM. - Experience building and maintaining a high-performance team of analysts. - Expertise with an industry-standard framework (ISO, NIST, PCI). - Experience maintaining metrics and SLAs. KINDLY SUBMIT YOUR RESUME IN ENGLISH
