Monitor and triage security and network alerts from network monitoring, EDR/XDR, SIEM, and related security tooling; prioritize incidents based on risk and business impact.
Investigate endpoint threats (malware, ransomware, credential theft, persistence, lateral movement) using Microsoft Defender for Endpoint (MDE), CrowdStrike EDR, SentinelOne EDR, and Stellar Cyber XDR.
Identify common attack patterns (phishing, malware execution, credential abuse, lateral movement, persistence indicators) and recommend next steps.
Escalate complex or high-severity incidents to Tier 2/IR with high-quality handoffs (evidence, hypotheses, affected entities, attempted actions).
Support ongoing investigations by collecting additional artifacts/logs, re-checking endpoints, and monitoring for recurrence.
Document findings clearly in the ticketing system, ensuring complete timelines, evidence, and actions taken.
Follow SOC runbooks, playbooks, and standard operating procedures (SOPs) consistently.
Participate in shift handovers and maintain accurate case notes to ensure continuity of operations.
Identify recurring false positives, detection gaps, and tuning opportunities; propose improvements to content/rules and playbooks.
Stay up to date on information technology trends and security standards.
Adhere to company-wide best practices for IT security.
Requirements
A strong desire to work in the cyber security or network security field.
Strong understanding of SIEM, XDR, and EDR fundamentals (telemetry types, detection logic, correlation, and response workflows).
Understanding of attack lifecycle concepts (MITRE ATT&CK basics, NIST, the Lockheed Martin Cyber Kill Chain, etc.).
Ability to analyze endpoint and security logs (Windows Event Logs concepts, process/parent-child relationships, network indicators).
Ability to demonstrate an understanding of common network protocols such as DHCP, FTP/SFTP, HTTP/HTTPS, TCP/UDP, SSH, etc.
Strong written communication and ticket hygiene (clear summaries, evidence-based conclusions).
Comfort working in a 24x7 SOC environment and meeting SLA-driven targets.
Team player with strong collaboration skills and a flexible approach to problem solving.