
SOC Engineer

Job in Paris, Lamar County, Texas, 75460, USA
Listing for: EUROPCAR
Full Time position
Listed on 2026-06-02
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager, Network Security, Systems Engineer
Job Description

MISSION:

Ensure EMG's digital assets, cloud platforms, applications, infrastructure, APIs, and data ecosystems are continuously monitored, protected, and defended against cyber threats.

The SOC Engineer is responsible for:

* Building and tuning security detections

* Operating EMG's SIEM/SOAR platforms (Splunk, cloud-native tools)

* Handling cyber investigations and forensics activities

* Enhancing visibility across cloud, on-prem, and application layers

* Supporting threat hunting, response, and vulnerability remediation

* Ensuring alignment with EMG security policies, CISO directives, and regulatory obligations

This role is essential for maintaining EMG's cybersecurity resilience in a hybrid and modernized technology landscape.

MAIN RESPONSIBILITIES:

1. Security Monitoring & Detection Engineering

● Develop and maintain detection rules, dashboards, alerts, correlation logic, and analytics within:

* Splunk (SIEM)

* SOAR (such as n8n)

* cloud-native SIEM/SOC tools

* endpoint detection tools (EDR/XDR)

* identity logs

● Build detections for emerging threat patterns.

● Configure, monitor and troubleshoot security infrastructure devices and services such as EDR, DLP or CASB.

● Identify opportunities for, and promote, automation and new technical solutions and security tools that help mitigate security vulnerabilities and improve efficiency.

2. Incident Investigation & Threat Response

● Perform L3 investigation of security alerts, including:

* anomalous authentication events

* suspicious network activities

* endpoint compromises

* cloud misconfigurations

* API misuse or credential abuse

● Execute containment and remediation actions in collaboration with cybersecurity teams, IT Ops and Engineering teams

● Produce clear incident reports and contribute to root cause analysis (RCA) and continuous improvement.

● Establish disaster recovery procedures and conduct security breach drills.
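As an added illustration of the kind of correlation logic sections 1 and 2 describe (detection rules over identity logs, surfacing anomalous authentication and credential abuse), the following is example code written for this page, not Europcar's or EMG's own detection content. The JSON-lines events, the field names (`ts`, `src_ip`, `user`, `outcome`), the five-minute window and the thresholds are all constructed assumptions; the same two rules can be expressed as a Splunk correlation search using `streamstats` and `dc()`.

```python
"""
Sliding-window correlation over authentication logs (example, constructed data).

Rule 1, password spray: one source IP fails against >= SPRAY_USERS distinct
accounts within WINDOW seconds (MITRE ATT&CK T1110.003).
Rule 2, brute-force success: an account accumulates >= BF_FAILURES failures
from one source IP and then a success from that IP within WINDOW seconds
(MITRE ATT&CK T1110). A lone typo followed by a success must not fire.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timezone

WINDOW = 300        # seconds; assumed tuning value
SPRAY_USERS = 5     # assumed tuning value
BF_FAILURES = 4     # assumed tuning value

# Constructed sample events, not real logs. Addresses are documentation ranges.
SAMPLE_LOG = """
{"ts":"2024-03-01T08:00:00Z","src_ip":"192.0.2.10","user":"alice","outcome":"success"}
{"ts":"2024-03-01T08:00:05Z","src_ip":"203.0.113.7","user":"alice","outcome":"failure"}
{"ts":"2024-03-01T08:00:06Z","src_ip":"203.0.113.7","user":"bob","outcome":"failure"}
{"ts":"2024-03-01T08:00:07Z","src_ip":"203.0.113.7","user":"carol","outcome":"failure"}
{"ts":"2024-03-01T08:00:08Z","src_ip":"203.0.113.7","user":"dave","outcome":"failure"}
{"ts":"2024-03-01T08:00:09Z","src_ip":"203.0.113.7","user":"eve","outcome":"failure"}
{"ts":"2024-03-01T08:01:00Z","src_ip":"198.51.100.9","user":"svc-api","outcome":"failure"}
{"ts":"2024-03-01T08:01:10Z","src_ip":"198.51.100.9","user":"svc-api","outcome":"failure"}
{"ts":"2024-03-01T08:01:20Z","src_ip":"198.51.100.9","user":"svc-api","outcome":"failure"}
{"ts":"2024-03-01T08:01:30Z","src_ip":"198.51.100.9","user":"svc-api","outcome":"failure"}
{"ts":"2024-03-01T08:01:45Z","src_ip":"198.51.100.9","user":"svc-api","outcome":"success"}
{"ts":"2024-03-01T08:20:00Z","src_ip":"192.0.2.11","user":"bob","outcome":"failure"}
{"ts":"2024-03-01T08:20:05Z","src_ip":"192.0.2.11","user":"bob","outcome":"success"}
"""


def parse_event(line):
    """Parse one JSON line and convert the ISO-8601 timestamp to epoch seconds."""
    ev = json.loads(line)
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00")).timestamp()
    return ev


def _iso(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def detect(lines):
    """Run both rules over the events (sorted by time) and return a list of alerts."""
    events = sorted((parse_event(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    fails_by_ip = defaultdict(deque)        # ip -> deque of (ts, user) failures
    fails_by_ip_user = defaultdict(deque)   # (ip, user) -> deque of failure ts
    spray_fired = set()                     # suppress one alert per IP per run
    alerts = []

    for ev in events:
        ts, ip, user = ev["ts"], ev["src_ip"], ev["user"]
        ok = ev["outcome"] == "success"

        # Evict failures that fell out of the window before evaluating.
        ip_q = fails_by_ip[ip]
        while ip_q and ts - ip_q[0][0] > WINDOW:
            ip_q.popleft()
        acct_q = fails_by_ip_user[(ip, user)]
        while acct_q and ts - acct_q[0] > WINDOW:
            acct_q.popleft()

        if not ok:
            ip_q.append((ts, user))
            acct_q.append(ts)
            distinct = {u for _, u in ip_q}
            if len(distinct) >= SPRAY_USERS and ip not in spray_fired:
                alerts.append({"rule": "password_spray", "technique": "T1110.003",
                               "src_ip": ip, "distinct_users": len(distinct),
                               "ts": _iso(ts)})
                spray_fired.add(ip)
        elif len(acct_q) >= BF_FAILURES:
            alerts.append({"rule": "brute_force_success", "technique": "T1110",
                           "src_ip": ip, "user": user, "failures": len(acct_q),
                           "ts": _iso(ts)})
            acct_q.clear()   # do not re-alert on the same failure run

    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(json.dumps(alert))
```

The eviction step is what keeps the rule honest in production: without it, a long-running account that fails once a day would eventually cross `BF_FAILURES` and fire on a normal login. The per-IP suppression set and the `acct_q.clear()` after a hit are the equivalents of the throttling a SIEM applies so one campaign does not raise hundreds of identical alerts.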

3. Threat Hunting

● Conduct proactive threat hunts using:

* log patterns

* anomalous behavior detection

* threat intel feeds

* historical investigations

* cloud & API-specific threat vectors

● Identify gaps in security visibility and propose instrumentation improvements.

4. Security Logging & Observability Integration

● Ensure complete and reliable logging coverage across:

* Cybersecurity tools (EDR, DLP, etc.)

* APIs

* cloud workloads

* network traffic

* databases

* CI/CD systems (GitLab)

● Work with Observability teams to ensure correlated visibility (Dynatrace + Splunk).

5. Vulnerability & Attack Surface Support

● Support vulnerability management by correlating findings with real activity logs.

● Validate remediation and track exploitation attempts related to EMG systems.

● Assist IT Ops and Engineering teams to prioritize and mitigate vulnerabilities.

6. Cyber Security Controls Validation

● Validate enforcement of cybersecurity standards (e.g., Zero Trust, MFA, encryption, identity governance).

● Test security controls effectiveness through simulations or red-team collaboration.

7. Documentation, Playbooks & Knowledge Sharing

● Maintain SOC runbooks, response playbooks, detection documentation, and forensic procedures.

● Identify and communicate current and emerging security threats.

8. Collaboration Across IT & Business

● Work closely with:

* CISO (governance, escalation, risk alignment)

* Cybersecurity Architecture Manager

* IAM teams

* Cloud & Production Services

* Network & Infrastructure Ops

* Domain Engineering Teams

● Ensure consistent communication and coordination during incidents and monitoring activities.

IDEAL EXPERIENCE:

* 3-8 years in SOC, security operations, detection engineering, incident response, or cyber defense roles.

* Hands-on experience with Splunk SIEM, SOAR tools, EDR/XDR, and cloud logging.

* Understanding of cloud security (AWS/GCP), API security, microservices architecture.

SKILLS & COMPETENCIES:

* Strong log analysis, correlation, and detection engineering ability.

* Understanding of attacker techniques, threat vectors, malware behavior, identity attacks.

* Ability to operate during high-pressure security incidents.

* Knowledge of IAM flows, network security, and container security.

OTHER PERSONAL CHARACTERISTICS:

* Analytical, methodical, and rigorous.

* Calm under…