Pantai, Negeri Sembilan, Malaysia

SOC Analyst (Tier 12)

Job Description:

Role summary
Monitor, triage, and investigate security alerts. Execute playbooks, reduce false positives, and escalate incidents.

Key responsibilities

  • Monitor SIEM alerts and triage events per SOPs and SLAs
  • Perform basic threat hunting and tune detections with the senior team
  • Collect and preserve logs, artifacts, and evidence for investigations
  • Create tickets, document incidents, and propose control improvements
  • Coordinate with IT and engineering during containment and recovery

Minimum qualifications

  • 1 to 3 years in SOC, blue team, or IT security operations
  • Familiar with SIEM and EDR tools, basic networking, Windows and Linux basics
  • Understanding of MITRE ATT&CK, phishing analysis, and common TTPs
  • Strong written communication skills and shift readiness

Preferred

  • Scripting for automation in Python or PowerShell
  • Certifications: Security+, CySA+, Microsoft SC-200, AZ-500 or equivalent

Tools

  • Microsoft Sentinel or Splunk, Defender or CrowdStrike, Zeek or Suricata, SOAR

KPIs

  • Mean time to detect and respond, true positive rate, alert fatigue reduction

Screening questions

  • Walk through your triage of a suspicious PowerShell event.
  • How would you reduce false positives from a noisy rule?

Job Type: Full-time

Work Location: On the road