Serve as the Technical Focal Point (TFP) for assigned clients, managing technical communication, recurring alignments, and end-to-end handling of critical cases.
Lead the full incident response lifecycle: triage, investigation, containment, root cause analysis, and remediation recommendations.
Operate and investigate using SIEM platforms, performing log analysis, event correlation, threat hunting, and refinement of detection rules.
Maintain and improve detection within XDR/EDR tools by tuning policies, reducing false positives, and mapping detection coverage.
Document incidents, produce technical and executive reports, and present findings to clients clearly and concisely.
Support junior analysts as a technical reference, contributing to the team's maturity and delivery quality.
Identify detection gaps and propose continuous improvements aligned with frameworks such as MITRE ATT&CK.
Requirements
Proven experience operating in a SOC and in security incident response.
Strong cybersecurity knowledge: attack vectors, kill chain, operational-level malware analysis, hardening, and defensive best practices.
Hands-on experience with at least one SIEM platform, with strong log analysis and correlation skills.
Technologies used: QRadar, Google SecOps (Chronicle), Splunk, Elastic, and Palo Alto XSIAM.
Experience with detection and investigation in XDR/EDR tools such as Cortex XDR, Trend Micro Vision One, CrowdStrike Falcon, Microsoft Defender, Microsoft Sentinel, and SentinelOne.
Strong verbal and written communication, with maturity and a sense of responsibility to engage directly with clients.
Strong organizational skills, with the ability to manage multiple cases simultaneously and to meet SLAs.
Tech Stack
Splunk
Benefits
Certifications are highly valued and considered a distinguishing factor in the evaluation.