Security Operations Center (SOC) Engineer
Sao Paulo, São Paulo, BR
Overview
The SOC Engineer is responsible for the cybersecurity readiness of CIL’s operational technologies and for mitigating security events and incidents. As part of the SOC team, the SOC Engineer detects, analyzes, and responds to security incidents and implements security controls in a fast-paced, dynamic environment, while leveraging automation and playbooks to streamline processes.
Main Duties and Responsibilities
- Monitor security events and alerts, investigate security incidents, and respond promptly to mitigate potential threats using tools such as Microsoft Sentinel (SIEM) and Defender.
- Proactively search for hidden threats and vulnerabilities across systems, networks, and applications to identify potential risks and ensure ongoing protection.
- Develop and maintain automated workflows, playbooks, and processes to enhance incident response times and improve SOC operational efficiency.
- Continuously analyze security data, identify anomalies, and provide actionable insights for improving security posture within CIL.
- Collaborate proactively with other IT teams to raise the organization's security maturity.
Responsibilities scope
- Security Monitoring and Analysis: Continuously monitor security dashboards, event logs, and alerts to identify, analyze, and respond to potential threats in real-time.
- Threat Intelligence Integration: Leverage threat intelligence feeds and external sources to enhance threat detection capabilities and stay ahead of emerging threats.
- Automation and Playbook Optimization: Create, maintain, and optimize security automation processes and playbooks to improve response times and incident management efficiency.
- Incident Management: Lead the investigation and resolution of security incidents, ensuring proper documentation, root cause analysis, and follow-up actions are taken.
- Security Tool Management: Administer and fine-tune Microsoft Sentinel, Defender, and the other security tools in use so that they remain effective at detecting and mitigating risks.
- Cross-team Collaboration: Work closely with other IT, security, and compliance teams to ensure alignment of security strategies, policies, and incident response procedures.
- Documentation and Reporting: Document security configurations, processes, and procedures. Generate regular reports on security posture, incidents, and progress towards security goals.
Reporting
- Direct reporting line to SOC manager.
Required Competencies
- Team spirit
- Proactive approach
- Excellent communication skills
- Proficient level of English (Min. B level) and Portuguese
- Strong analytical skills and the ability to identify practical, pragmatic solutions.
- Time management and planning: effectively managing one's own workload.
Required Experience
- Experience in security.
- Previous experience with security solutions (firewalls, proxies, SIEM).
- Previous experience in Cloud environment (AWS, Azure or other).
Required Education
- University degree
- IT or security certification (e.g. Azure, compliance, CISSP, CEH).
Travel
Occasional international travel may be required.