Perform continuous monitoring of security alerts and logs from various sources (SIEM, EDR, firewall, cloud, etc.).
Conduct initial triage, coordinate incident response and analysis of security incidents to determine severity and impact.
Develop, configure, and tune SIEM detection rules to improve threat detection and minimize false positives.
Review detection coverage and recommend new rules or improvements based on recent incidents, threat reports, or security assessments.
Maintain and update detection rules, playbooks, and operational documentation.
Conduct threat hunting, vulnerability assessment, and log analysis activities.
Generate regular reports and metrics on incident trends and CSOC performance.
Support continuous improvement of security operations processes and detection capabilities.
Collaborate with internal and external stakeholders, including regional partners, where Chinese language skills may be required.

Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
Minimum 2 years of experience in a Security Operations Center (SOC) or equivalent security monitoring role.
Hands-on experience with SIEM tools (e.g., Splunk, Sumo Logic, QRadar, Elasticsearch, etc.).
Detection rule and use case development (rule-based and ML-based)
Automation and integrations using APIs, webhooks, and SOAR-style workflows
Alert triage, enrichment, and case management with ticketing systems
Knowledge of common attack techniques, malware behavior, and network security principles.
Familiarity with incident response frameworks (e.g., NIST, SANS).
Strong analytical and problem-solving skills with attention to detail.
Able to be on stand-by for on-call when the need arises.

Cyber Security Operations Center (CSOC) Analyst, English Speaker

Key skills