Description

We are establishing a lean, cloud-hosted, open-source SOC/MDR platform designed to be revenue-generating, SOC2-aligned, globally standard, and cost-efficient.

The Security Operations & Threat Analyst will play a dual role in SOC operations and SOC/MDR implementation. The position is responsible for real-time monitoring, incident analysis, and incident response, while actively participating in SOC/MDR deployment, configuration, client requirement analysis, and security assessments.

This is a hands-on technical role aligned with BS23’s objective of building a scalable, commercially viable cybersecurity services practice.

Job Responsibilities

1. SOC/MDR Implementation & Configuration

  • Participate in end-to-end SOC/MDR implementation for internal and client environments.
  • Assist in Wazuh agent deployment, log onboarding, rule configuration, and alert tuning.
  • Configure log pipelines, dashboards, and monitoring policies.
  • Support integration of firewalls, servers, endpoints, and cloud logs into the SOC platform.
  • Assist in automation workflows to improve operational efficiency.
  • Validate detection coverage post-implementation.

2. SOC Monitoring & Incident Response

  • Monitor SIEM/EDR alerts (Wazuh-based SOC stack).
  • Perform log analysis, alert validation, and incident triage.
  • Investigate suspicious activities across endpoints, servers, network, and cloud logs.
  • Execute containment actions (IP blocking, endpoint isolation, IOC validation).
  • Escalate confirmed incidents with complete technical evidence.
  • Maintain case documentation in TheHive and ensure SLA compliance.

3. Client Requirement Analysis & Security Assessment

  • Assist in gathering and analyzing client security monitoring requirements.
  • Support infrastructure and exposure assessments prior to SOC onboarding.
  • Perform baseline security posture review and log source validation.
  • Contribute to technical documentation for client onboarding and service scope definition.

4. Threat Detection & Analysis

  • Support detection rule tuning and false-positive reduction.
  • Map incidents to the MITRE ATT&CK framework.
  • Perform IOC enrichment and OSINT validation.
  • Improve detection logic under the guidance of the SOC Lead.

5. Network & Penetration Testing Support

  • Assist in network exposure assessment and segmentation review.
  • Support vulnerability validation and misconfiguration detection.
  • Participate in web application testing aligned with OWASP Top 10.
  • Conduct black-box testing using Burp Suite / OWASP ZAP.
  • Document findings with technical proof-of-concept and risk impact explanation.

6. Reporting & Documentation

  • Prepare incident summaries and technical assessment reports.
  • Maintain SOC documentation, playbooks, and configuration records.
  • Support executive-ready client reporting under the supervision of the SOC Lead.

Required Qualifications

  • Bachelor’s degree in Computer Science, Cybersecurity, or related field.
  • 3 to 5 years’ experience in SOC or cybersecurity operations.
  • Hands-on experience with SIEM/log analysis (Wazuh preferred).
  • Basic understanding of networking (TCP/IP, DNS, HTTP/HTTPS, firewalls).
  • Familiarity with OWASP Top 10 vulnerabilities.
  • Experience with Burp Suite / OWASP ZAP (basic to intermediate).
  • Understanding of incident response lifecycle and security monitoring workflows.

Life at Brain Station 23