Cyber Security Engineer

1. Advanced Operations & Threat Detection
Lead  advanced health checks and configuration reviews  for deployed security tools (AV, EDR, XDR, PIM, PAM, DLP, DAM, etc.).
Conduct proactive threat hunting to identify hidden, emerging, or sophisticated threats beyond standard alerts.
Fine-tune correlation rules, use cases, and detection logic to reduce false positives and improve detection accuracy.
2. Incident Response & Escalation Management
Act as the final escalation point for critical and major incidents, leading investigation and resolution.
Own  root cause analysis (RCA)  and remediation plans for high-severity incidents in the ticketing tool (ITSM).
Lead incident command during major security events, coordinating cross-functional response and decision-making.
Review and approve closure of high-severity tickets, ensuring SLA and quality compliance.
3. Client & OEM Coordination
Serve as the senior technical point of contact for key clients during critical incidents and security reviews.
Present RCA reports, security posture reviews, and improvement recommendations to client stakeholders.
Liaise with OEMs and vendors on advanced troubleshooting, escalations, and product roadmap discussions.
4. Documentation & Reporting
Own and maintain advanced documentation, including RCA reports and threat intelligence summaries for all security products.
Review and refine runbooks, SOPs, and playbooks based on lessons learned from incidents and audits.
Prepare and present  monthly/quarterly security operations reports  (SLA trends, incident analytics, risk insights) to internal leadership.
5. Mentoring & Service Delivery Support
Mentor and train L1/L2 analysts on tools, SOPs, and incident handling best practices, including knowledge-sharing sessions.
Lead technical onboarding and architecture/configuration review for new clients or products.
Identify and drive automation opportunities to optimize SOC workflows and reduce manual effort.
6. Shift & Availability
Work in  24x7 rotational shifts  and lead shift operations, ensuring coverage and escalation readiness.
Be available for critical incident bridge calls and major incident management at short notice.
Required Skills &

Qualifications:

1. Technical

Skills:

Advanced expertise in cybersecurity products:  AV, EDR, XDR, PIM, PAM, DLP, DAM, SIEM/SOAR
Strong knowledge of Windows & Linux administration, networking, and cloud security fundamentals.
Deep understanding of incident lifecycle management, threat intelligence, and the MITRE ATT&CK framework.
Hands-on experience with scripting/automation (Python, Power Shell) for SOC process optimization.
Strong analytical, troubleshooting, and root cause analysis (RCA) skills.

2.

Soft Skills:

Excellent communication and presentation skills, including client-facing interactions.
Strong leadership and mentoring ability to guide junior analysts.
Ability to stay calm and decisive under high-pressure, major-incident situations.
Strong stakeholder management and cross-team coordination skills.

Qualification & Certification

Experience:

4 to 10 years

Education:

Graduate/Postgraduate in Computer Science, IT, Electronics, or related field.
Certifications (Preferred):  CEH, CompTIA Security+/CySA+, ITIL Foundation, OEM advanced certifications (EDR, XDR, PAM, DLP, etc.)