SOC Security Consultant

Position summary:

We are seeking a skilled Security Consultant to join our Security Operations Center (SOC) team. The ideal candidate will have a strong background in SOC operations and will ensure the SOC team is performing its functions as required, including troubleshooting incidents and events. The ideal Security Consultant will also act as the technical subject matter expert (SME), handling critical SOC tasks, and guiding Level 1 and Level 2 customer communications.

 

Key Roles & Responsibilities:

 

1. Incident Response and Management

• Lead the investigation of high-severity security incidents and breaches.
• Provide expert analysis for complex incidents that L1 and L2 analysts cannot resolve.
• Develop and execute incident response procedures, including containment, eradication, and recovery.
• Ensure proper escalation processes are followed for incidents requiring higher expertise.
• Communicate with stakeholders, such as management and IT teams, to ensure appropriate handling of incidents.

 

 

1. Threat Hunting and Analysis

• Perform proactive threat hunting activities to identify potential vulnerabilities, threats, and attacks before they happen using Splunk / QRadar SIEM.
• Use threat intelligence feeds to enrich SOC operations and identify emerging threats.
• Analyze large volumes of security data to detect patterns and anomalies.

 

1. Security Tool Management

• Oversee and optimize the usage of security monitoring tools such as Splunk/ QRadar SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), and endpoint protection systems.
• Configure, update, and fine-tune security tools to improve detection capabilities and reduce false positives.
• Recommend new security tools and technologies to improve SOC operations.

 

1. Log and Event Analysis

• Review logs from various sources (network, endpoints, servers, etc.) to identify security incidents.
• Ensure accurate log data collection and retention practices are followed.
• Provide in-depth analysis of security alerts and generate reports.

 

1. Vulnerability Management

• Conduct vulnerability assessments and prioritize remediation activities for critical vulnerabilities.
• Collaborate with the IT and development teams to address security flaws and implement patches.

 

1. Collaboration and Escalation

• Serve as the point of escalation for L1 and L2 SOC analysts when complex issues arise.
• Collaborate with other security teams, such as network security, application security, and IT operations, to ensure a comprehensive defense strategy.
• Work with external partners, including Managed Security Service Providers (MSSPs), to coordinate incident management and threat intelligence sharing.

 

1. Security Policies and Best Practices

• Review and recommend improvements to security policies, procedures, and best practices.
• Ensure that the organization's security policies are being followed and advise on improvements.
• Conduct regular security awareness training for SOC staff and the broader organization.

 

1. Reporting and Documentation

• Generate detailed reports on incidents, security posture, and threats for senior management and relevant stakeholders.
• Maintain incident logs and documentation to comply with regulatory and internal policies.
• Ensure all incidents are well-documented with root cause analysis, remediation efforts, and lessons learned.

1. Continuous Improvement

• Analyze the effectiveness of the SOC's operations and suggest improvements to processes, workflows, and technologies.
• Stay updated on the latest cyber threats, tools, and techniques.
• Assist with the development and execution of simulations, exercises, and training to improve SOC capabilities.

 

1. Compliance and Regulatory Requirements

• Ensure compliance with SLAs for all projects.
• Ensure SOC operations meet industry compliance requirements (e.g., GDPR, HIPAA, PCI DSS).
• Help in audits and compliance assessments related to security operations.

 

1. Mentoring and Training

• Provide mentorship and training to junior SOC analysts (L1 and L2).
• Share knowledge on advanced attack techniques, response strategies, and threat detection methods.

 

1. Report deviations and concerns to the SOC Manager

 

 Basic Qualifications:

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 5+ years of experience in security operations, SIEM, or IT security.
• Hands-on experience with SOC operations, incident response, and security monitoring.
• Solid understanding of cybersecurity fundamentals, networking, and IT infrastructure.
• Strong problem-solving skills and ability to communicate effectively with technical and non-technical stakeholders.

 

Preferred Qualifications:

• Relevant certifications such as CISSP, CISM, GCIA, or GCIH.
• Experience with SIEM platforms (e.g., Splunk, XSIAM, QRadar) and security tools.
• Experience with SOAR platforms and security automation.
• Knowledge of cloud security (AWS, Azure, GCP) and hybrid SOC environments.
• Familiarity with enterprise security tools (e.g., EDR, XDR, WAF, DLP) and managed SOC environments.