Assistant Lead Engineer - SOC Engineering (Detect & Respond)

Responsibilities:

• Deploy, configure and maintain security tools, such as SIEM and network security monitoring for the SOC team.
• Perform tuning on the security tools to reduce false positives, improve event correlation, and enhance alert accuracy to ensure timely detection of threats.
• Integrate security solutions (e.g., SIEM and endpoint security) and data sources into the SOC infrastructure for comprehensive monitoring and detection.
• Provide technical support to the SOC team during incident investigations by ensuring the necessary logs and tools are available and functioning.
• Monitor the performance and health of the SOC security solutions, ensuring systems are up-to-date and optimized for peak performance.
• Maintain technical documentation related to the security tools and configuration.
• Provide regular reports on SOC security solution performance and improvements.
• Collaborate with SOC analysts to ensure that security operations are aligned with overall SOC expectations.
• Support internal and external security audits and compliance checks by ensuring security tools adhere to required standards and requirements.
• Support log source onboarding for monitoring and ensure that onboarding is completed.
• Support SOC rules, use cases, and playbook development.
• Evaluate and work with other teams on improving the case management tool.
• Experience with SOC rules creation.
• Experience with infra/network setup on both Windows and Linux will be a plus.