Senior SOC Engineer (NDR/VM) Group 42

Network Detection & Response (NDR):

• Contribute to the Architecture design to deploy the NDR tool customized to the client s environment.
• Deploy and Manage the NDR solutions to monitor network traffic and detect malicious activity. (Like Core Light, Dark Trace, Vectra)
• Analyse network telemetry and behavioural patterns to identify threats such as lateral movement, data exfiltration, and command-and-control communications.
• Develop and fine-tune detection logic, signatures, and machine learning models to improve threat visibility.
• Integrate NDR platforms with SIEM and SOAR tools to enable automated alerting and response.
• Able to write and tune the network signature and has knowledge on Suricata and Snort rule writing.

Vulnerability Management:

• Deploy and Manage VM tools like Qualys, Tenable, or Rapid7 amongst others.
• End-to-end vulnerability management lifecycle: scanning, assessment, prioritization, and remediation tracking.
• Collaborate with infrastructure and application teams to ensure timely patching and mitigation of identified vulnerabilities.
• Maintain a centralized vulnerability dashboard and generate executive-level reports with risk-based metrics.
• Ensure alignment with regulatory requirements pertaining to the client industry.

Security Operations & Incident Response:

• Assist in Investigation and response to security incidents, leveraging NDR and vulnerability data.
• Work closely with SOC Team, threat hunting, and threat intelligence teams to contextualize alerts and improve detection capabilities.
• Contribute to the development of SOC playbooks and standard operating procedures

• Profound knowledge and hands-on experience with NDR tools and its architecture.
• Strong understanding of network traffic and analysis.
• Proven expertise in NDR platforms (e.g., Corelight, Vectra AI, Darktrace,) and vulnerability management tools (e.g., Qualys, Tenable, and Rapid7).
• Strong understanding of TCP/IP, DNS, HTTP/S, and other network protocols.
• Proven experiences with Vulnerability Management Service with end-to-end lifecycle.
• Hands on experience with writing and tuning detection signatures including Suricata and Snort.
• Proven technical capabilities in a complex, fast-paced SOC environment.
• Ability to diagnose and troubleshoot network issues related with network detections.
• Strong understanding of SOC operations, cybersecurity principles, and best practices.

Excellent problem-solving skills and the ability to make decisions under pressure.