Lead Engineer, Security Enablement & Operations

Job Description

Job Summary: As the Lead Engineer for Security Operation Center (SOC) Platforms, you will be responsible for the design, implementation, and maintenance of security platforms. You will ensure the effective operation of these platforms, oversee the development of new features and integrations, and work closely with stakeholders to meet security requirements.

Key Responsibilities:
Platform Management:
Designing, developing, implementing, and maintaining the platform like SIEM, SOAR, EDR, XDR, Threat Intel and other platforms. Platform enhancement and optimization, managing the EPS or MPS or Traffic ingestion and hardware sizing.
Planning and maintaining the infrastructure (private, public cloud) to host the SOC platforms.
Ensure platforms are operating efficiently and effectively to meet security objectives. Carry out the platform related operational activities. 
Security Architecture. Design secure systems and define security specifications of components, integrating appropriate security controls.
Plan, prioritize, and manage multiple projects. Work with cross-functional teams.
Security Operations:
Collaborate with the security operations team to ensure the platforms support incident detection, response, and investigation.
Develop and implement security use cases, rules, and automation workflows. Stay current with emerging threats and ensure the platforms are updated accordingly.
Customer Engagement:
Work closely with customers to understand their security requirements and ensure our platforms meet their needs. Gather the technical requirements from customers for the infrastructure (Network, IT, Cloud and OT) monitoring based on the MDR/xDR product offering. 
Expertise in on-boarding customer. Log ingestion to SOC platforms (SIEM, SOAR and xDR), Parsing, Creating and fine-tuning Use Cases and Playbooks for the Automation.
Customer POC and trials. Provide technical guidance and support during customer onboarding and ongoing operations.
Innovation and Improvement:
Monitor platform performance and implement improvements, enhancement and integration as needed.
Evaluate and integrate new technologies and solutions to stay ahead of evolving security threats. Foster a culture of innovation.
Compliance and Governance:
Ensure compliance with relevant security standards and regulations. Maintain documentation and audit trails for platform changes and configurations.
Collaborate to address audit findings and implement corrective actions.

Qualifications

Qualifications:
Bachelor’s degree in computer science, information security, or a related field. Advanced degree preferred.
Bachelor’s or Advanced degree in computer science, information security, or a related field. 
6+ years of relevant experience, with a focus on SIEM, SOAR, XDR, EDR or related technologies.
Strong understanding of security operations, threat detection, and incident response.
Experience with RSA Netwitness, Splunk, IBM QRadar, Palo Alto XDR, XSOAR, XSIAM and others.
GCIA, GCIH, CISSP and/or SIEM/SOAR/XDR vendor specific certifications, if any.
Good knowledge on CSP (AWS or GCP or Alicloud certification) and network connectivity services useful for setting up the SOC and customer on-boarding. 
Good knowledge of Host Security (Windows, Unix, Linux), Firewall, VPN (IPSec & SSL), DDoS, Public Key Infrastructure, Encryption, DLP, Data Integrity, User Anomaly Detection, IPS/IDS, Network Access Control, Proxy, Email & Endpoint Security, TDR (Endpoint& Network), VAPT, Web Isolation, Log Management, SIEM, SOAR, Cloud Security, IAM, MFA, SSO, PAM.
 

Essential Skills:
Excellent project management skills and experience with Agile methodologies. 
Strong decision-making and interpersonal skills to foster teamwork and achieve goals.
Passion for delivering high-quality projects and products.
Strong business evaluation acumen and Knowledge in IT service administration