Security Operations Analyst (SIEM Technologies)

United ITs
Chiva, Spain
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Remote
Chiva, Spain

Tech stack

Microsoft Windows
Amazon Web Services (AWS)
Azure
Bash
Software as a Service
Cloud Computing
Computer Security
Linux
Infrastructure as a Service (IaaS)
Python
Microsoft Security Essentials
Network Monitoring
Platform as a Service (PAAS)
Powershell
ArcSight SIEM Tool
Ruby
Shell Script
Security Information and Event Management
TCP/IP
Transmission Control Protocol (TCP)
Google Cloud Platform
Data Ingestion
QRadar
Information Technology
Microsoft Sentinel
Splunk
ELK

Job description

  • In close collaboration, build, adjust and implement analytics and detection rules for SIEM, EDR and AV.
  • Under guidance, participate in cybersecurity architecture review of new or existing technical solutions and provide recommendations for improvement.
  • Work directly with cyber threat intelligence analysts to convert intelligence into useful detection rules.
  • Collaborate with the incident response team to rapidly build detection rules and signatures as needed, and maintain and improve existing detection rules.
  • Contribute to the preparation of KPIs for cybersecurity operations capabilities.
  • Monitor, triage, and investigate security alerts across Microsoft security tools, AWS, SIEM platforms, and EDR solutions.
  • Identify root causes, direct remediation and recovery actions, and support incident response efforts.
  • Follow structured analytical processes and collaborate with other analysts and teams to ensure effective threat management.
  • Prepare and present security reports, summaries, and findings to clients.
  • Contribute to the improvement of CSOC processes and procedures, including quality control procedures, documentation and knowledge base updates.
  • Gather the necessary information from the client to identify opportunities for whitelist tuning and optimization to reduce false positives and enhance detection quality.
  • Review feedback and implement corrective actions to maintain service excellence.
  • Provide other ad hoc support as required.
  • Participate in on-call rotation.

Requirements

  • A minimum of five (5) years of relevant experience in the information technology field, including triage of alerts and supporting security incidents.
  • Proven experience on administering a SIEM platform, preferably either Splunk or Microsoft Sentinel SIEM.
  • Proven experience with the usual toolbox available in a SOC (e.g., SIEMs, EDRs), with the ability to autonomously perform technical analysis of security threats and collaborate with the Incident Response team.
  • Deep knowledge of Microsoft security tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoint, Azure Security, Azure Sentinel and XDR).
  • Deep knowledge of cloud technologies (e.g. Azure, AWS and GCP).
  • Deep knowledge of SIEM tools like Splunk, QRadar, ArcSight, MS Sentinel, ELK Stack.
  • Knowledge of at least one EDR solution (MS Defender for Endpoint, CrowdStrike).
  • Knowledge of Transmission Control Protocol / Internet Protocol (TCP/IP) protocols.
  • Knowledge of email security, network monitoring, and incident response.
  • Knowledge of Linux/Mac/Windows.
  • Expert knowledge of English, both written and spoken, is required.

The resource SHOULD have the following skills and experience:

  • Experience in building SIEM architectures from initial design to implementation, including designing data ingestion pipelines for diverse log sources across cloud and on-prem environments.
  • Proven knowledge of monitoring AWS environments (IaaS, SaaS, PaaS).
  • Knowledge of at least one general-purpose or shell scripting language (e.g. Ruby, Bash, PowerShell, Python, etc.).

Desirable certifications:

  • Technical certifications: MCSE, CCNA, Microsoft Azure (e.g., SC-200), GCIH, CEH, GCFA or any GIAC/similar certification.
  • Relevant industry certifications.

Soft skills:

  • Excellent communication skills.
  • Customer-facing experience and oral communication skills.
  • Ability to write documentation & reports.
  • Creativity / ability to find innovative solutions.
  • Willingness to learn on the job.
  • Conflict management & cooperation.