Lead advanced incident response, including triage, containment, eradication, and root cause analysis.
Perform forensic investigations, malware analysis, and threat hunting activities.
Manage and fine-tune enterprise security solutions: SIEM, EDR, NDR, firewalls, IDS/IPS, DLP, WAF, VPNs, etc.
Act as a subject matter expert (SME) for escalated security events from L1/L2 teams.
Review and update runbooks, threat detection rules, and incident response procedures.
Collaborate with threat intelligence teams to analyze IOCs, TTPs, and emerging threats.
Perform regular vulnerability assessments and coordinate patch management with IT/DevOps.
Conduct security reviews of infrastructure, applications, and network architecture.
Ensure compliance with ISO 27001, NIST, GDPR, PCI-DSS, or other applicable standards.
Automate security operations and incident response workflows using tools/scripts (e.g., Python, PowerShell).
Mentor junior engineers and conduct technical training sessions.

Bachelor's or Master's degree in Information Security, Computer Science, or related field.
5–10 years of hands-on experience in cybersecurity, with at least 2–3 years in an L3 or advanced SOC role.
Expertise in managing and troubleshooting security tools:
SIEM (Splunk, QRadar, ArcSight, etc.)
EDR/XDR (CrowdStrike, SentinelOne, Defender ATP)
Firewalls (Palo Alto, Fortinet, Cisco ASA)
IDS/IPS, DLP, VPN, NAC, etc.
Strong knowledge of cyberattack techniques, threat detection, and incident response lifecycle.
Familiarity with MITRE ATT&CK, Cyber Kill Chain, STIX/TAXII, and YARA rules.
Proficiency in scripting or automation (Python, Bash, PowerShell).
Excellent documentation, troubleshooting, and analytical skills.

Security L3 Engineer