Security Delivery Consultant

We are seeking an experienced Cyber Security professional to join our SOC team as a Senior Analyst / SOC Lead. The ideal candidate will lead incident response, manage SOC policies and procedures, and drive security operations across SIEM, EDR, and NDR technologies. This role requires hands-on technical expertise, strong communication skills, and the ability to lead a cyber security team with on-call support after business hours.

Key Responsibilities

• Develop, maintain, and refine incident response plans, playbooks, and SOC policies, processes, and procedures.
• Lead incident response activities from detection through containment, eradication, and recovery.
• Coordinate with IT, legal, risk, and business units during security incidents.

SIEM Management

• Implement, tune, and optimize SIEM solutions; work with SIEM engineers to develop and refine correlation rules.
• Analyze security events, identify threats, and provide guidance to the security team.
• Produce cyber intelligence reports for technical staff, non-technical stakeholders, and senior management.

IR Tools & Investigations

• Utilize IR tools and solutions for detection, investigation, and response.
• Conduct or supervise root-cause analysis and post-incident reviews.
• Communicate findings and recommendations to various audiences.
• Clearly articulate cyber risk and strategic issues to technical and non-technical audiences.
• Demonstrate strong analytical and organizational skills; lead the cyber team; provide on-call support after business hours.

EDR/NDR Administration

• Administer and maintain EDR (Endpoint Detection and Response) and NDR (Network Detection and Response) technologies.
• Deploy, upgrade, and maintain agents across Windows, macOS, and Linux; monitor health and troubleshoot reporting issues.
• Develop and enforce EDR/NDR policies; integrate with SIEM and other security tools.
• Create and maintain custom correlation rules for EDR/NDR; review configurations regularly for enhancements.
• Manage support tickets with EDR/NDR vendors as needed.

Collaboration & Problem Solving

• Work with cross-functional teams to improve security controls, telemetry, and incident response capabilities.
• Document processes and contribute to a knowledge base for ongoing improvements.

Required Qualifications & Experience

• Minimum 5 years of hands-on experience in cyber security operations, incident response, and SOC planning.
• Experience with incident response planning, SOC policy development, and procedure creation.
• Proficient in Security Information and Event Management (SIEM) operations; ability to develop/refine correlation rules with SIEM engineers.
• Hands-on experience with EDR and NDR technologies (deployment, policy management, health monitoring, integration with SIEM).
• Strong ability to analyze security events, perform investigations, and provide actionable guidance.
• Excellent written and verbal communication skills; ability to convey technical concepts to various audiences.
• Demonstrated leadership and people-management skills; ability to lead cyber teams and provide after-hours support.
• Certifications (preferred): GIAC GCIH, GMON, GCFA or similar.

Preferred Skills

• Experience with cross-domain integrations (e.g., SIEM integrations with ITSM, SOAR, threat intel feeds, firewall/logging systems).
• Knowledge of network forensics, malware analysis basics, and threat hunting concepts.
• Familiarity with regulatory/compliance requirements relevant to security operations.

Working Conditions

• On-call rotations and after-hours support may be required.
• Office-based with possible on-site presence at client or data center locations.
• Ability to work in a fast-paced environment and manage multiple priorities.