SOC Engineer

Overview

The SOC Platform Engineer with a minimum of 5 years of total experience to oversee the administrative functions of Threat Intelligence Platforms and other solutions within our Security Operations Center (SOC). In this role, you will manage and administrate the day-to-day operations of numerous SOC systems, ensuring effective integration and alignment with our security objectives. This includes user access and performance monitoring, while collaborating with technical teams to implement enhancements that improve our security posture. Additionally, you will maintain comprehensive documentation of processes and procedures and monitor the effectiveness of threat intelligence initiatives, providing insights for optimization. Strong organizational and communication skills are essential, as you will work closely with diverse teams to ensure the SOC operates efficiently and effectively in safeguarding the organization against cyber threats.

Responsibilities

• Manage and maintain enterprise and open-source threat intelligence platforms and solutions, including configuration, optimization, and integration with other SOC tools.
• Manage the ingestion and consumption of threat intelligence in the TIP, ensuring information is available and correctly organized for analysis.
• Manage the integration and dissemination of threat intelligence feeds into the SOC internal and external environment, ensuring compatibility with existing tools and workflows.
• Collaborate with other SOC engineering teams to tightly integrate threat intelligence solutions with existing SOC tools (SIEM, SOAR, EDR, NDR) and workflows for enhanced threat detection and service excellence.
• Develop and implement automation scripts and processes to streamline the collection, normalization, and dissemination of threat intelligence data.
• Customize and enhance threat intelligence platforms to meet the specific requirements of the SOC, including the development of custom parsers, connectors, and integrations.
• Leverage your strong technical skills in operating systems, networking, and APIs to troubleshoot and resolve any issues related to Threat Intelligence platforms (TIP), Network Detection and Response (NDR), and other systems.
• Provide day to day support to threat intelligence analysts by ensuring they have access to relevant threat feeds and assisting in the analysis and interpretation of threat data.
• Continuously monitor, optimize, and report on the performance of threat intelligence solutions, identifying and resolving any issues or bottlenecks.
• Maintain comprehensive documentation of threat intelligence platform configurations, processes, and procedures. Generate regular reports on threat intelligence activities and findings for stakeholders.
• Collaborate with other SOC engineering teams to share knowledge, best practices, and lessons learned in threat intelligence management. Provide training and guidance to junior engineers as needed.
• Participate in special projects as needed to support the evolving needs of the Security Operations Center (SOC).

Skills

• Solid understanding of cloud platforms (AWS, Azure, Google Cloud) and their services.
• Solid knowledge of operating systems (Windows, Linux, macOS) and their security configurations.
• Thorough understanding of network protocols, architecture, and security.
• Eager learner with strong analytical and problem-solving abilities.
• Proficiency in scripting languages (e.g., Python, Bash) for automation.
• Deep understanding of API design, development, and integration.
• Experience with microservices architecture and containerization technologies (e.g., Docker, Kubernetes).
• Ability to collaborate effectively with a variety of team members, including interfacing with customers to resolve issues.
• High proficiency in written and verbal communication.

Qualifications

• Bachelor’s or master’s degree in computer science, Information Technology, or a related field.
• At least 5 years of experience in Systems Engineering in complex environments.

Certifications (preferred)

• Cloud-related certifications like AWS Certified Solutions Architect - Associate, Google Professional Cloud Architect - Associate, or Microsoft Certified: Azure Administrator Associate.

Networking certifications such as CCNA or CCNP are advantageous.