Operate and enhance security monitoring capabilities, including SIEM and logging pipelines, ensuring actionable alerting and clear incident context.
Monitor and improve security posture across cloud and production environments through detection engineering, alert tuning, and operational hardening.
Triage, investigate, and respond to security events and incidents, coordinating containment, eradication, and recovery with engineering and infrastructure teams.
Design, build, and maintain security automation and tooling for operational workflows, including alert enrichment, response playbooks, and routine checks.
Support security reviews for infrastructure and services from an operational perspective, focusing on logging, monitoring, access controls, and incident readiness.
Maintain operational runbooks and contribute to tabletop exercises and post-incident reviews to drive continuous improvement.
Coordinate vulnerability management operations, including detection, prioritization, patch planning, validation, and reporting across infrastructure and services.
Qualifications
Must Have
Strong desire for continuous learning and growth.
Ability to work both independently and collaboratively with remote peers.
Familiarity with cloud infrastructure and CI/CD practices.
Familiarity with Infrastructure as a Code (IaC) Terraform.
Familiarity with AWS and GCP fundamentals.
Experience with observability and monitoring(logging, metrics, alerting).
Experience with SIEM, SOAR, EDR, and cloud security posture tooling (CSPM).
Experience with incident response processes and detection engineering.
Strong written and verbal English communication skills.
Nice to Have
Experience in coding/scripting (Python preferred).
Familiarity with common attack techniques and frameworks (MITRE ATT&CK) and how to map detections to them.
Experience with endpoint telemetry and investigations (Windows or Linux, process and network triage).
Familiarity with threat intelligence, IOC management, and basic malware triage.
Relevant SecOps and defense-focused certifications.
Active involvement in infrastructure or security communities, conferences, or open-source contributions.