Description
• Provide L2 engineering and operational enablement by maintaining, tuning, and improving SOC and NOC platforms to ensure stability, integration, detection quality, and reduced alert noise. Support escalations and tool-related incidents impacting 24×7 operations.
• Mobilization: Onsite
• Duration of Services: 1 Year
• Work Shifts: 8 hours (24×7) shift
Key Responsibilities
• Administer and maintain SOC/NOC tools including SIEM, Network Anomaly Detection tool, syslog collectors, device integrations, NMS tool, and reporting dashboards.
• Perform log source onboarding and integration (parsing/normalization, field mapping, time sync, ingestion troubleshooting).
• Conduct alert tuning and use-case enhancement to reduce false positives and improve detection quality.
• Maintain dashboards and reporting packs (SOC threat trends, NOC availability/performance, operational KPIs).
• Manage tool health checks, upgrades/patching, backups, licensing, RBAC, and capacity planning.
• Handle L2 escalations from L1, including complex alerts, recurring monitoring issues, and tool outages; coordinate with vendors and internal resolver teams.
• Maintain documentation (SOPs, playbooks, integration diagrams) and support continuous improvement initiatives.
Requirements
Educational Background (Must)
• Bachelor’s degree in Information Security, Computer Science, IT, or a related field.
Professional Certifications / Trainings (Must)
• Trained or Certified in Deployment, Engineering and Administration of IBM QRadar SIEM.
• Trained or Certified in any NMS/infra service availability monitoring tool.
• Trained or Certified in Incident Handling and Response, such as ECIH, GCIH, CISSP, or equivalent.
Professional Certifications / Trainings (Preferred)
• Practical cybersecurity training such as Security Blue Team, INE Security or equivalent.
• Trained or Certified in Project Management such as PMP or equivalent.
• Trained or Certified in IT Service Management such as ITIL Foundation or equivalent.
• Other cyber security certifications.
Experience
General SOC Experience (Must)
• Minimum 3 years of experience in a SOC or engineering role.
• Experience in deploying, configuring, and maintaining the IBM QRadar SIEM solution.
• Experience in integrating different data sources into the IBM QRadar SIEM solution.
• Knowledge of Log Aggregation and Parsing.
• Experience in incorporating threat intelligence feeds and sources into the IBM QRadar SIEM.
• Experience in building, testing, and deploying IBM QRadar SIEM detection rules.
• Experience in log analysis and incident investigation using the IBM QRadar SIEM.
• Experience in creating dashboards and scheduled reports in the IBM QRadar SIEM solution.
• Practical experience with any AV, EDR, NDR, IDS/IPS, firewalls, and vulnerability scanners.
• Knowledge of operating and managing Windows and Linux servers.
• Understanding of operating system event logs, such as Windows event logs (System, Security, Application, PowerShell, and Sysmon) and Linux audit logs.
• Understanding of HTTP requests and responses.
• Understanding of network protocols and packet analysis.
• Understanding of MITRE ATT&CK and the Cyber Kill Chain, security best practices, and threat intelligence concepts.
• Practical experience with IT Service Management Tools.
• Understanding of NIST and ISO security incident response frameworks.
• Experience in documenting security incident reports and SOC metrics.
• Strong troubleshooting and log analysis skills (Windows Event Logs, syslog, network/security telemetry).
• Experience supporting 24×7 environments and after-hours maintenance windows.
• Experience in Red, Blue, and Purple Teaming exercises.
Technical Expertise (Preferred)
• Experience working with the ManageEngine OpManager tool.
• Knowledge of scripting languages such as Python, PowerShell, or Bash to automate SOC processes and build custom scripts for data parsing or tool integrations.
• Experience working with any SOAR platform.
• Experience working with any Vulnerability Management tool.