Senior SOC Consultant

Role:
Senior SOC & Adversary Emulation Consultant Company:
Activ Bytes Technologies

Experience:

6+ Years (Relevant Cybersecurity)

Location:

On-site opportunities in the UAE
Notice Period:
Immediate Joiner Preferred

Role Overview Activ Bytes Technologies is seeking a high-caliber Purple Team Lead to bridge the gap between offensive testing and defensive resilience. You will not only lead complex investigations into APT activity and malware but also design controlled adversary emulations to test our own defenses. This is a "hands-on" leadership role where you will act as an Incident Commander during critical events and an Architect for our detection engineering and threat-hunting workflows.

Key Responsibilities
1. Incident Command & Advanced Defense  Lead Complex Investigations:
Drive deep-dive analysis into malware, APT activities, lateral movement, and data exfiltration.
Full Lifecycle Management:
Handle the complete incident lifecycle (Triage to Lessons Learned) and perform rigorous root-cause analysis.
Incident Commander:
Act as the primary lead during critical security events, coordinating across IT, Cloud, and Business units.
SOC Optimization:
Investigate L1/L2 escalations, tune SIEM/EDR/NDR alerts to reduce false positives, and develop new SOAR playbooks and dashboards.
2. Offensive Operations & Adversary Emulation  Red Team Simulations:
Design and execute adversary emulation scenarios mapped strictly to the MITRE ATT&CK framework.
Vulnerability & Penetration Testing:
Perform manual and automated assessments (OWASP Top 10, Cloud misconfigurations) across internal/external infrastructure.
Defensive QA:
Translate Red Team exploitation paths into robust detection use cases and SIEM rules to eliminate defensive blind spots.
3. Proactive Threat Hunting & Intel  Hypothesis-Based Hunting:
Build custom queries and hunt hypotheses to identify unidentified anomalies in the environment.
Threat Intel Operationalization:
Consume TTPs and IOCs from intel feeds and map them to active hunting activities.
4. Cross-Platform Correlation (Multi-Vector Defense)  Correlate telemetry across the stack to identify sophisticated, multi-stage attacks:
EDR + SIEM:
Cross-reference alerts with endpoint telemetry for full context.
IAM + Network:
Analyze identity anomalies in conjunction with lateral network activity.
PAM + DLP:
Monitor privileged access patterns and correlate them with potential data exfiltration attempts.
APM + Security:
Review Application Performance Monitoring (APM) for anomalous behavior indicating compromise.
Technical Qualifications

Experience:

6+ years in Cybersecurity, with proven "Purple Team" experience (Red + Blue).
Offensive Tools:
Proficiency in penetration testing tools (Burp Suite, Metasploit, Cobalt Strike, etc.).
Defensive Stack:
Expert-level knowledge of SIEM (Microsoft Sentinel preferred), EDR (Defender for Endpoint/Crowd Strike), and NDR.
Scripting/Automation:
Strong ability to build custom queries (KQL/SQL) and SOAR automation (Logic Apps/Python).
Frameworks:
Mastery of MITRE ATT&CK, OWASP, and SANS Top 25.
Why Activ Bytes Technologies? We operate at the cutting edge of Cybersecurity and AI/RPA Automation. You will have the autonomy to break things (ethically) so we can build them back stronger, ensuring our world-class clients—from luxury wellness resorts to global tech firms—remain unshakeable.

Please send your resume to  and include your current CTC, expected CTC, and notice period.