Expert Engineer​/Security Operation Centre

Job Description

Responsible for incident response efforts, conducting comprehensive forensic investigations and proactively hunting for threats within the network and systems and remediate security incidents.

• Monitor and analyze threat intelligence feeds, security blogs, and industry news to stay informed on emerging threats and vulnerabilities.
• Conduct forensic investigations for cybersecurity incidents, including data breaches, advanced persistent threats (APT), ransomware, and insider threats.
• Utilize forensic tools and techniques to collect and analyze evidence, ensuring secure evidence handling and chain of custody for compliance with legal and regulatory standards.
• Conduct in‑depth analysis of security events from multiple sources, such as SIEM, IDS/IPS, firewall logs, endpoint detection tools, and network traffic data.
• Develop and execute advanced threat‑hunting queries and custom searches to detect malicious activities that may evade standard detection systems and improve detection rules.
• Conduct host‑based forensic analyses across various platforms, including Windows, Linux, macOS, and mobile devices.
• Conduct network‑based forensics using platforms such as NDR, Security Onion.
• Conduct initial malware analysis to assess potential risks.
• Proactively hunt for threats in the organization’s network by identifying Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) used by adversaries.
• Build and refine threat‑hunting playbooks and runbooks to standardize and enhance threat‑hunting operations.
• Communicate findings through detailed, high‑quality reports and presentations to security teams, management, and relevant stakeholders.
• Experience with forensic tools such as FTK, Encase, Oxygen, Cellebrite, etc.
• Develop the remediation strategies for compromised environments.
• Develop custom scripts to automate the security log analysis.
• Conduct cloud incident response across Azure & AWS.
• Utilize the MITRE ATT&CK framework to map detected threats and enhance threat‑hunting capabilities.
• Ensure timely closure of incidents in compliance with SLA requirements.

Mandatory:

• Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent work experience)
• DFIR related certifications.
• Hands‑on experience with Windows and Linux environments, can read and explain Windows or Linux logs effectively.
• Strong hands‑on experience with Incident Response and Digital Forensics.
• Practical Investigation experience (end‑to‑end case handling or evidence processing exposure).
• Investigation background can't just be focused on EDR and SIEM tools. NEEDS exposure to Host‑Level Investigations.
• Docker OR Kubernetes.
• Possess relevant SANS certifications, and preferably have experience working with SIEM platforms such as Microsoft Sentinel and Splunk.
• Ability to write and execute complex queries using KQL (Kusto Query Language).
• SANS GCFA, GCFE & GCIH.
• Minimum 6 years of experience in digital forensics, incident response, or threat hunting.
• Expertise in Digital Forensics, Incident Response, and Threat Hunting.

Preferred:

• Strong knowledge of forensic tools such as EnCase, FTK, Oxygen, Cellebrite, Volatility, and other forensics analysis tools.
• Experience with cloud forensics for platforms such as AWS & Microsoft Azure.
• Skilled in scripting (e.g., Python, Power Shell) for automation of forensics and incident response tasks.
• Knowledge of the MITRE ATT&CK framework for categorizing and responding to adversarial techniques.
• Ability to communicate complex technical findings effectively to both technical and non‑technical audiences.
• Strong analytical and problem‑solving skills, with attention to detail and accuracy.
• Self‑driven and able to work effectively in high‑stress situations, handling multiple incidents simultaneously.
• Demonstrated ability to work both independently and collaboratively within a team.