NourNet

Senior SOC Engineer

Job Description

Position: Senior SOC Engineer

Location: Amman, Jordan

Company: NourNet

-------------------------

Position Overview:

NourNet is seeking a highly skilled and experienced Senior SOC Engineer to join our Security Operations Center (SOC). In this role, you will lead efforts to detect, analyze, and respond to security incidents across a wide range of technologies and platforms. You will be responsible for providing advanced threat detection, incident response leadership, and ensuring the organization's security posture is continuously improved. The Senior SOC Engineer will also mentor junior analysts and play a key role in enhancing the effectiveness of our SOC operations.

-------------------------

Key Responsibilities:

1. Threat Detection & Analysis:

- Continuously monitor and analyze security alerts from multiple sources, including SIEM, IDS/IPS, endpoint protection, and firewalls, to identify and evaluate potential security threats.

- Conduct in-depth investigations of security incidents to validate severity, scope, and impact.

- Respond to various security incidents such as malware infections, phishing attempts, data breaches, and advanced persistent threats (APTs).

- Correlate data from different security technologies to detect complex attack patterns and uncover hidden threats.

2. Incident Response & Mitigation:

- Lead the triage and investigation of security incidents, coordinating with internal teams for effective containment and remediation.

- Develop and execute incident response plans, providing recommendations for immediate and long-term mitigation measures.

- Maintain detailed documentation throughout the incident lifecycle to ensure compliance and for post-incident analysis.

3. Security Monitoring & Reporting:

- Utilize SIEM platforms to monitor security events in real time, fine-tuning detection rules and thresholds for improved accuracy.

- Generate detailed reports on security incidents, trends, and vulnerabilities for both technical and non-technical stakeholders.

- Maintain and update incident response playbooks, workflows, and standard operating procedures to ensure best practices are followed.

4. Team Leadership & Mentorship:

- Mentor and provide technical training to junior SOC analysts, fostering growth and knowledge sharing within the team.

- Assist in the development and continuous improvement of SOC processes, procedures, and incident response playbooks, aligning with industry standards (NIST, SAMA CSF, etc.).

- Collaborate with SOC leadership to enhance team capabilities, operational efficiency, and response times.

5. Collaboration & Communication:

- Collaborate with IT, networking, systems, and application teams to ensure robust security practices and threat mitigation.

- Communicate effectively with senior management and key stakeholders during and after security incidents, providing timely updates and transparent incident reports.

- Support the development and delivery of security awareness programs to educate employees on security best practices and emerging threats.

6. Continuous Improvement:

- Regularly assess and evaluate security tools, technologies, and processes to enhance the organization's overall security posture.

- Participate in post-incident reviews, identifying lessons learned and implementing improvements to the incident response process.

-------------------------

Required Skills & Experience:

Technical Proficiency:

- Hands-on experience with EDR (Endpoint Detection and Response) tools such as CrowdStrike, Carbon Black, or SentinelOne.

- Strong experience with IDS/IPS, firewalls, and network traffic analysis tools.

- Proficiency in vulnerability scanning (e.g., Nessus, Qualys) and patch management processes.

- Strong understanding of network security principles, including TCP/IP, and attack vectors such as SQL injection, cross-site scripting (XSS), ransomware, and APTs.

- Familiarity with cloud security principles (AWS, Azure, Google Cloud).

- Expertise in log analysis and troubleshooting of security events.

Incident Response & Security Frameworks:

- Proven experience in incident response and security event triage.

- Familiarity with security frameworks such as NIST, ISO 27001, CIS Controls, SAMA CSF, and NCA.

- Knowledge of security best practices for risk management, vulnerability assessment, and threat detection.

Scripting & Automation:

- Knowledge of scripting languages (Python, PowerShell, Bash) to automate security tasks and improve operational efficiency.

-------------------------

Preferred Qualifications:

- Certifications (preferred but not required):

  - CISSP (Certified Information Systems Security Professional)

  - CEH (Certified Ethical Hacker)

  - GSOC (GIAC Security Operations Certified)

  - CompTIA Security+, CySA+ (CompTIA Cybersecurity Analyst)

  - GCIH (GIAC Certified Incident Handler) or equivalent certifications.

-------------------------

Soft Skills:

- Problem-Solving: Ability to analyze complex security incidents and identify effective mitigation measures.

- Communication: Excellent written and verbal communication skills for reporting incidents and coordinating with internal teams and management.

- Stress Management: Ability to manage high-pressure situations effectively and stay organized during security incidents.

- Leadership: Strong leadership skills with the ability to mentor junior team members and foster collaboration within the SOC.

Date Posted: 20/11/2024

Job ID: 100973373

Last Updated: 25-11-2024 06:50:19 PM