Security Operation Manager

Job in Bridgwater, Somerset County, TA6, England, UK
Listing for: Agratas – A Tata Enterprise
Full Time position
Listed on 2026-06-21
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager, Network Security
Salary/Wage Range or Industry Benchmark: 60000 - 80000 GBP Yearly
Job Description & How to Apply Below

Role Overview

We are seeking a skilled and proactive Cyber Security Engineer with 4 to 5 years of hands‑on experience in enterprise cybersecurity operations. The ideal candidate will have strong technical expertise across security operations, detection engineering, incident response, and threat hunting, with proven experience working on modern security platforms. This role requires a practitioner who can actively defend enterprise environments and continuously improve security posture.

Key Responsibility Areas

Security Monitoring & Engineering
  • Develop and optimize detection use cases aligned with the MITRE ATT&CK framework and emerging threats.
  • Tune security controls and automate workflows to reduce false positives and improve detection accuracy.
  • Manage and secure Microsoft 365 Security and Microsoft Security platforms.
  • Strengthen identity security through attack surface analysis, privilege reviews, and policy optimization.
  • Review security architecture and provide guidance for secure deployment of new applications and technologies.
  • Create advanced correlation rules across multiple log sources to detect sophisticated attack patterns and generate high-fidelity alerts.
Incident Response
  • Support end‑to‑end incident response, including triage, investigation, containment, eradication, recovery, and reporting.
  • Perform digital forensic investigations across endpoints, servers, cloud environments, and other relevant sources.
  • Assist in malware removal, persistence eradication, root cause validation, and secure system recovery.
  • Maintain and enhance incident response playbooks to align with current threats and industry best practices.
Threat Hunting
  • Conduct structured, unstructured, and intelligence‑driven threat hunts across network, endpoint, and cloud environments.
  • Analyze security data to identify anomalous behavior, indicators of compromise (IOCs), and attack patterns.
  • Collaborate with security, incident response, and engineering teams to improve detections and strengthen security posture.
  • Present findings, recommendations, and remediation strategies to technical and management stakeholders.
  • Stay current with emerging threats, attack techniques, and security technologies through continuous learning.
Required Qualifications

Qualifications & Technical Skills
  • 4–5 years of hands‑on experience in cybersecurity operations, monitoring, or security engineering.
  • Strong experience with enterprise security solutions across endpoint, network, and cloud environments.
  • Proven expertise in handling security incidents through the full incident response lifecycle.
  • Solid understanding of networking fundamentals and security concepts.
  • Knowledge of attack techniques, threat detection methodologies, and threat hunting.
  • Experience analyzing logs, packet captures, endpoint artifacts, and collecting digital evidence.
  • Proficiency in Splunk SPL, KQL, SQL, or similar query languages.
Technology Expertise
  • 4+ years of experience with EDR, NDR, and SIEM platforms (Microsoft Defender, CrowdStrike, Splunk, Sentinel, Elastic).
  • Experience with Data Security technologies including DLP, IRM, and DSPM solutions.
  • 4+ years of experience configuring and investigating email security platforms.
  • Hands‑on experience with identity and access management solutions such as Entra  Active Directory.
  • Strong understanding of authentication and authorization protocols including SAML, OAuth 2.0, and OIDC.
  • Experience with security automation tools, orchestration platforms, and threat intelligence feeds.
Good to Have
  • Knowledge of OT (Operational Technology) security concepts and principles.
  • Familiarity with automation and scripting (PowerShell, Python, Bash).
  • Familiarity with securing cloud workloads on Azure, AWS