Job Description

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Job Overview:

As a Senior Security Operations Engineer, you will be an integral part of the Qualys SOC (Security Operations Center) and CSIRT (Cyber Security Incident Response Team), contributing to the day-to-day activities that govern the entire incident management lifecycle: monitoring, triaging, analyzing, and responding to security incidents. This role requires a solid understanding of security technologies, incident triage/investigation and incident response, and a proactive approach to identifying and mitigating potential threats. You will leverage advanced cybersecurity tools and techniques to monitor and secure Qualys infrastructure/systems and the Qualys Cloud Platforms, respond to alerts, investigate potential threats, and proactively work on mitigating identified cyber threats/incidents. At the same time, you will be responsible for providing expert guidance to other SOC engineers on the team and working closely with SOC/CSIRT leadership to improve the organization's security posture.

Key Responsibilities:

Security Monitoring and Analysis:

  • Proactively monitor security systems, SIEM platforms and other security tools; analyze logs, network traffic, system events and incident alerts for signs of malicious activity or policy violations.
  • Conduct incident triage and build the incident investigation hypothesis and incident response approach.
  • Investigate and respond to alerts, ensuring a timely and effective resolution.
  • Review triggered incidents and analyze the incident tickets created by SOC level 1 engineers for correct incident classification and categorization, security permission setup, false-positive validation and fine-tuning.
  • Must be familiar with the various log sources and the investigation approach appropriate to each kind of incident, and understand the correlation between log sources as needed for an investigation.
  • Analyze network and host activity associated with both successful and unsuccessful intrusions by threat actors, based on perimeter security logs.
  • Should have experience correlating malware infections with attack vectors to determine the extent of security and data compromise.
  • Monitor SIEM and other security tools alerts for anomalous or suspicious activity; research alerts and make recommendations to remediate concerns.
  • Analyze, correlate and act on data from subscription and public cyber intelligence services, develop tactics to combat future threats, and follow the Incident Response Plan for the required response.
  • Perform analysis of log files from multiple devices and environments and identify indicators of security threats.
  • Assist all junior SOC engineers with incident monitoring, investigation and response.

Incident Response:

  • Participate in incident response activities, assisting in the identification, containment, eradication, and recovery from security incidents.
  • Run incident response calls with the help of the CSIRT lead/manager via the incident war room, and bridge calls to other incident resolution teams.
  • Document incident response activities, including the full incident timeline, and contribute to post-incident reports.

Threat Detection & Analysis:

  • Analyze logs, security events, and network traffic for anomalies and indicators of compromise (IOCs).
  • Perform forensic analysis on potentially compromised systems using the in-house digital forensic lab.
  • Conduct sandbox analysis and obtain reports for malicious code/payloads identified on infected systems.

Security Tool Management:

  • Configure and manage security tools such as Endpoint Detection and Response (EDR), Endpoint Protection Platforms (EPP), File Integrity Monitoring (FIM), Application Control (Whitelisting/Blacklisting) on endpoints etc.
  • Identify attack patterns (IOA - Indicators of Attack) in security logs that could harm our systems, and work with the SIEM detection team to convert these patterns into automated detection logic on the SIEM platform.

Threat Intelligence Support:

  • Configure and manage the open-source and in-house threat intelligence sharing platforms.
  • Assist in the integration of threat intelligence into security operations processes to enhance detection capabilities.
  • Stay informed about the latest cybersecurity threats and vulnerabilities via cyber security newsletters and security advisories, and notify the SOC team of actionable items arising from identified advisories.

Threat Hunting:

  • Conduct proactive threat-hunting activities to identify emerging threats and weaknesses in the organization’s security defenses.
  • Follow the organization's threat hunting procedure to carry out threat hunting activities, and work on remediating the misconfigurations/security issues identified during a hunt.

Incident Response Documentation & SOAR Runbook Creation:

  • Work with CSIRT lead/manager to build incident response runbooks for remediation of various cyber-attack scenarios.
  • Identify unknown attack patterns by analyzing various log sources and work with the SIEM administration team to convert them into automated use cases.
  • Translate conceptual SOC/IR requirements into technical data and integration requirements for the SOAR platform.
  • Work with the SIEM/SOAR admin team to convert the technical data into SOAR playbooks.
  • Enhance existing incident response runbooks and fine-tune existing use cases on the SIEM platform.

Experience:

  • 2-4 years of working experience in a Security Operations Center (SOC) or Incident Response role.