Serve as a point of reference for high-complexity investigations and critical incident response, providing technical support to the analyst team.
Detection Engineering: Ensure monitoring effectiveness through continuous tuning and evolution of correlation rules in the SIEM (Google SecOps, Splunk, Elastic, etc.).
Incident Response: Perform triage, correlation, and handling of security alerts across diverse ecosystems (on-premises, Cloud, and SaaS).
Automation and Efficiency: Drive continuous improvement of SOC processes through automation (Python/SOAR) and intelligent integration of defensive tools.
Operational Procedures: Develop and refine playbooks, runbooks, and Standard Operating Procedures (SOPs) to increase SOC maturity.
Alert Analysis: Conduct critical reviews of high-severity alerts, coordinate escalation with the CSIRT, and produce root cause reports (RCR).
Reporting and Metrics: Produce technical documentation and executive incident reports, focusing on improvement recommendations and performance indicators (KPIs/KRIs).
Technical Mentoring: Share knowledge and investigation best practices, supporting ongoing team training.
Defense Integration: Collaborate with Threat Intelligence, Red Team, and Cloud Security to reinforce the defensive posture.
Scope Management: Assist in organizing the team's daily technical activities and planning training sessions.
Requirements
Bachelor's degree in Information Security, Computer Science, Networking, or related technology fields.
Solid hands-on experience in monitoring, detection, and incident response (SOC / Blue Team).
Proficiency in SIEM architecture (Falcon, Splunk, Wazuh, or similar).
Practical experience in cloud security, especially AWS (GuardDuty, Security Hub, CloudTrail).
Deep knowledge of log analysis, network protocols, and security topologies (Firewall, Proxy, DNS, EDR/XDR).
Experience with workload protection and posture tools (CSPM, DLP, WAF, IDS/IPS).
Strong analytical ability to conduct technical investigations and prioritize incidents according to business risk.
Familiarity with strategic frameworks: MITRE ATT&CK, NIST, and ISO 27035.
Automation skills for SOAR optimization are desirable.
Prior experience acting as a technical reference/lead within a security team.
Knowledge of Threat Hunting and basic forensic analysis.
Industry certifications: AWS Certified Security, SC-200, CySA+, Security+, BTL1 or equivalent.
Experience with SOC operational metrics (MTTD, MTTR, false positive rates).
Tech Stack
AWS
Cloud
DNS
Python
Splunk
Benefits
Meal
Food allowance
Home office allowance (for remote roles)
Life insurance (Prudential)
Childcare assistance (as per labor law)
Assistance for parents of children with special needs
Birthday gift voucher
Education allowance
Culture allowance
Birthday off
TotalPass
Profit sharing (PLR)
Health insurance
Dental insurance
Referral program ("Refer & Earn")
Reimbursement for certifications in the AWS and Fortinet tracks