Junior SoC Engineer

CMB ATC

Key responsibilities & Accountabilities:

• Advanced Incident Response & Threat Investigation

• Investigate and remediate escalated security incidents involving advanced attack techniques.

• Perform detailed forensic data collection, root cause analysis, and system restoration.

• Lead incident response efforts, ensuring proper containment, eradication, and recovery.

• Engage in post-incident reviews, identifying gaps in security controls and recommending improvements.

• Mentorship & Knowledge Sharing

• Provide guidance and mentorship to L1 analysts on investigation techniques, escalation workflows, and threat mitigation strategies.

• Work alongside IT, engineering, and compliance teams to enhance security workflows and response plans.

• Develop training materials and process documentation to support cross-functional security initiatives.

• Maintain and improve the SOC knowledge base, ensuring documentation aligns with best practices and emerging threat intelligence.

• Advanced Security Stack Management & Optimization

• Conduct advanced tuning of security detection tools to enhance accuracy and reduce false positives.

• Address complex tuning requests escalated from L1 analysts.

• Validate and refine detection logic, ensuring continuous improvement of threat detection capabilities.

• Threat Hunting & Proactive Security Analysis

• Perform in-depth analysis of suspicious activities to uncover and mitigate hidden security threats.

• Develop detection rules and mechanisms to address network and host-based threats.

• Leverage indicators of attack (IOAs) and indicators of compromise (IOCs) to enhance detection efficacy.

• Security Tools Proficiency & Continuous Improvement

• Utilize and manage SIEM, EDR, XDR, vulnerability scanners, firewalls, and email gateways at an intermediate level.

• Stay informed about new attack methods, evolving threat vectors, and cutting-edge mitigation strategies.

• Participate in red team/blue team exercises to enhance security defense capabilities.

• Reporting, Documentation & Stakeholder Communication

• Create detailed security reports on incidents, emerging threats, and SOC operational performance.

• Maintain operational readiness in a 24/7 SOC environment, ensuring effective incident management and response during all shifts.