Madre Integrated Engineering

Job Details

  • Perform advanced monitoring, analysis, and investigation of security alerts and incidents.
  • Act as an escalation point for complex incidents and support L1/L2 analysts.
  • Lead incident response activities including containment, eradication, recovery, and root cause analysis.
  • Conduct threat hunting by analyzing logs, network traffic, and endpoint behavior.
  • Fine-tune SIEM use cases, detection rules, and alerts to improve threat visibility.
  • Coordinate with IT, network, application, and cloud teams for remediation activities.
  • Support vulnerability management and risk assessment initiatives.
  • Assist in security audits, compliance activities, and regulatory requirements.
  • Prepare detailed incident reports, dashboards, and metrics for management.
  • Stay updated on emerging threats, vulnerabilities, and attack techniques.

Requirements

  • 5+ years of experience in cybersecurity operations or SOC roles.
  • Strong understanding of cyber threats, attack vectors, and the MITRE ATT&CK framework.
  • Hands-on experience with SIEM platforms (Splunk, QRadar, Sentinel, ArcSight).
  • Experience with EDR/XDR, email security, and network security tools.
  • Strong knowledge of Windows and Linux operating systems.
  • Good understanding of networking fundamentals (TCP/IP, DNS, HTTP/S).
  • Experience in incident response, basic malware analysis, and log analysis.
Preferred Skills

  • Experience with cloud security monitoring (AWS, Azure, GCP).
  • Exposure to SOAR tools and security automation.
  • Basic scripting skills (Python, PowerShell).
  • Experience mentoring junior analysts.
Preferred Certifications

  • CEH, CySA+, or Security+
  • CISSP (preferred but not mandatory)
  • GIAC certifications (added advantage)
