Lead SOC Engineer NDR And VM

Overview

The Lead Engineer – SOC (NDR & VM) will be a technically proficient Lead Engineer to join our Security Operations Center (SOC) team. This individual contributor role focuses on enhancing threat detection and response capabilities through NDR technologies and driving a robust vulnerability management program. The ideal candidate will be hands‑on, detail‑oriented, and passionate about cybersecurity operations.

• Architect and manage NDR solutions to monitor network traffic and detect malicious activity (Corelight, Darktrace, Vectra).
• Analyze network telemetry and behavioral patterns to identify threats such as lateral movement, data exfiltration, and command‑and‑control communications.
• Develop and fine‑tune detection logic, signatures, and machine learning models to improve threat visibility.
• Integrate NDR platforms with SIEM and SOAR tools to enable automated alerting and response.
• Conduct threat hunting exercises using NDR data to proactively identify risks.
• Write and tune network signatures and possess knowledge on Suricata and Snort rule writing.

• Lead the end‑to‑end vulnerability management lifecycle: scanning, assessment, prioritization, and remediation tracking.
• Utilize tools like Qualys, Tenable, or Rapid7 to perform regular scans across endpoints, servers, cloud assets, and network devices.
• Collaborate with infrastructure and application teams to ensure timely patching and mitigation of identified vulnerabilities.
• Maintain a centralized vulnerability dashboard and generate executive‑level reports with risk‑based metrics.
• Ensure alignment with regulatory requirements (ISO 27001, NIST, GDPR) and internal security policies.

• Assist in investigation and response to security incidents, leveraging NDR and vulnerability data.
• Work closely with SOC Team, threat hunting, and threat intelligence teams to contextualize alerts and improve detection capabilities.
• Stay updated with emerging threats, vulnerabilities, and security technologies.
• Participate in red/blue/purple team exercises to validate detection and response capabilities.
• Support audits, compliance assessments, and risk reviews as a subject matter expert.
• Contribute to SOC architecture strategy and implementation initiatives.
• Contribute to the development of SOC playbooks and standard operating procedures.

• Profound knowledge and hands‑on experience with NDR tools and its architecture.
• Strong understanding of network traffic and analysis.
• Proven expertise in NDR platforms (Corelight, Vectra AI, Darktrace) and vulnerability management tools (Qualys, Tenable, Rapid7).
• Strong understanding of TCP/IP, DNS, HTTP/S, and other network protocols.
• Experience with SIEM (Splunk, Sentinel), SOAR, and endpoint protection platforms.
• Hands‑on experience with writing and tuning detection signatures including Suricata and Snort.
• Excellent problem‑solving skills and the ability to make decisions under pressure.
• High proficiency in written and verbal communication.

• Certified Information Systems Security Professional (CISSP), OSCP, or GIAC is desirable.
• Networking certifications such as CCNA or CCNP are advantageous.
• Vendor certifications for NDR product/s.
• Experience integrating vulnerability tools with ticketing systems (Service Now, Jira) and CMDBs.

• Minimum of 8 years of experience in SOC operations, with significant experience in NDR and Vulnerability Management.

Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.

• Role Level: Mid‑Level
• Work Type:
  Full‑Time
• Country:
  United Arab Emirates
• City:
  Abu Dhabi

The TALENTMATE Portal is a platform to bring jobseekers and employers together. Applicants are advised to research the bonafides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advise against sharing personal or bank related information.