Conduct advanced, in-depth analysis of alerts escalated from Level 1 / Level 2, performing detailed investigation of logs, endpoint telemetry, network events and indicators of compromise (IOCs), identifying the adversary's tactics, techniques and procedures (TTPs) and the scope of the attack.
Provide technical leadership through containment, eradication, recovery and post-incident phases in medium to high complexity security cases, coordinating actions with IT, infrastructure, legal, compliance teams and third parties when necessary.
Conduct investigations of complex incidents, defining the scope of compromise, mapping affected assets, reconstructing the attack timeline and identifying entry, persistence and exfiltration vectors.
Act as a technical reference by reviewing critical cases, delivering knowledge-sharing sessions, internal training and support for more challenging investigations.
Develop, tune and maintain detection rules, use cases, correlations and analytic content in SIEM / XDR / SOAR to reduce false positives and improve true-positive rates and detection coverage.
Create, review and improve incident response playbooks, standard operating procedures (SOPs) and reports.
Contribute to the continuous evolution of Blue Team maturity, including integration of new telemetry sources, threat intelligence, response automations and proactive validation of security controls.
Requirements
Bachelor's degree completed or in progress in Information Security, Computer Science, Computer Engineering, Information Technology or related areas.
At least 3–5 years of experience in SOC operations, Blue Team, cybersecurity monitoring and/or incident response (Level 2 or higher experience will be valued).
Solid hands-on knowledge of at least one SIEM (FortiSIEM, Microsoft Sentinel, Elastic SIEM, etc.) and advanced log analysis.
Mastery of defensive concepts and frameworks: MITRE ATT&CK, Cyber Kill Chain.
Knowledge of Vulnerability Management (VM): processes for identification, classification, business-risk-based prioritization, remediation and vulnerability governance (including use of scanners, CVSS-based versus context-based prioritization, and integration with patch management processes).
Proven ability to communicate technical and non-technical information, clear report writing and the ability to interact with different stakeholders (C-level, IT, legal, vendors).
Extremely hands-on, proactive, analytical, collaborative and results-oriented profile with a strong focus on continuous improvement.