Description

We are establishing a lean, cloud-hosted, open-source SOC/MDR platform designed to be revenue-generating, SOC2-aligned, globally standard, and cost-efficient.

The SOC Platform & Security Engineer will be responsible for designing, deploying, configuring, and maintaining the SOC infrastructure based on client requirements. The role ensures platform stability, scalability, automation, and log integration, while also supporting penetration testing and technical security assessments.

This is a hands-on engineering role critical to delivering reliable SOC/MDR services and enabling scalable cybersecurity operations.

Job Responsibilities

1. SOC Platform Implementation & Management

• Deploy and maintain open-source SOC stack (Wazuh, OpenSearch, TheHive, Cortex, automation tools).
• Configure SIEM pipelines, indexers, dashboards, and alerting mechanisms.
• Manage agent deployment across endpoints, servers, and cloud workloads.
• Ensure high availability, performance tuning, and storage optimization.
• Perform system hardening of SOC infrastructure (Windows/Linux/VM/cloud).
• Maintain backup, log retention, and disaster recovery configurations.

2. Client-Focused SOC Configuration

• Analyze client infrastructure and log sources.
• Design onboarding strategy for firewalls, servers, endpoints, cloud logs, and applications.
• Customize monitoring policies and alert rules based on client risk profile.
• Implement secure connectivity (VPN, IP filtering, segmentation).
• Support client-specific compliance requirements (SOC2 alignment).

3. Automation & Optimization

• Implement automation workflows (Shuffle/n8n) to reduce manual workload.
• Integrate threat intelligence feeds and IOC enrichment tools.
• Tune performance to reduce latency and false positives.
• Continuously optimize detection logic and platform efficiency.

4. SOC Operational Support

• Assist SOC Analysts during major incidents requiring system-level intervention.
• Support log parsing, ingestion troubleshooting, and correlation improvements.
• Participate in incident response activities when required.

5. Penetration Testing & Security Assessment Support

• Assist in infrastructure-level security assessments.
• Support vulnerability validation and exposure verification.
• Participate in web application and network security testing (black-box support).
• Help validate remediation effectiveness post-assessment.

6. Documentation & Governance

• Maintain system architecture diagrams and configuration documentation.
• Document onboarding processes and technical deployment steps.
• Ensure compliance-ready documentation for audits and internal reviews.

Required Qualifications

• Bachelor’s degree in Computer Science, IT, or related field.
• 2 to 4 years of experience in systems engineering, DevOps, or security engineering.
• Strong Linux system administration skills.
• Experience with SIEM/log management platforms (Wazuh preferred).
• Hands-on experience with cloud platforms (AWS/Azure/GCP).
• Strong networking fundamentals (TCP/IP, firewalls, VPN, DNS).
• Basic understanding of penetration testing methodologies.