Cybersecurity Operations Specialist II

Job Responsibilities

• Conduct research on current threats and trends and lead response efforts.
• Design, maintain, and document detection opportunities, leveraging Threat Intelligence and industry best practices.
• Design, implement, and manage the SIEM infrastructure, including data collection, normalization, and correlation rules across various security tools and systems.
• Develop customized dashboards and reports to visualize security trends and key performance indicators (KPIs).
• Fine-tune SIEM alerts to minimize false positives and effectively identify potential threats.
• Integrate new data sources into the SIEM platform to enhance visibility.
• Monitor SIEM alerts for suspicious activities and conduct in-depth investigations to determine the root cause of incidents.
• Classify security alerts, prioritize critical incidents, and escalate to the appropriate teams as needed.
• Perform forensic analysis on security events to gather evidence and support incident response activities.
• Implement corrective actions to mitigate security threats and vulnerabilities.
• Work closely with other security teams, including network services, applications, product teams, and incident responders, to share information and coordinate response actions.
• Communicate security risks and findings effectively to both technical and non-technical audiences.
• Manage relationships with vendors related to cybersecurity products and services.
• Collaborate with other IT teams to ensure the security of company systems and data.
• Stay up to date on the latest cybersecurity trends, threats, and technologies.
• Provide training and guidance to team members on SIEM and threat-hunting techniques.

Job Requirements

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related fields (preferred).
• Minimum of 5 years of experience in cybersecurity.
• Strong understanding of threat detection techniques and incident response procedures.
• Demonstrated expertise in designing, configuring, and deploying SIEM systems, with specialization in Azure Sentinel, for security event collection, analysis, and response.
• In-depth knowledge of Azure services, including Azure Sentinel, Azure Monitor, and Log Analytics.
• Experience in log analysis, including modeling, patterns, and correlation.
• Familiarity with common security frameworks, such as CIS, NIST, and GDPR.
• Ability to assess complex security environments and develop effective rules, queries, and alerts.
• Proficiency in scripting and automation, including KQL, Python, and PowerShell.
• Strong understanding of the diamond model, MITRE ATT&CK, cyber kill chain, and threat intelligence terminology.
• Experience in managing and monitoring SIEM systems and threat intelligence.
• Comprehensive knowledge of IT and cybersecurity technologies, with previous experience in IT support, such as networking, SOC, or server specialist roles (preferred).
• Solid knowledge of cybersecurity best practices and standards.
• Excellent communication and interpersonal skills in English.
• Ability to work independently and as part of a team.
• Relevant certifications, such as CISSP, CISM, or GIAC, are highly desirable.