Role Overview
We are seeking an experienced Senior SOC Analyst to join our cybersecurity team. This role is responsible for coordinating and responding to security incidents, following established processes, playbooks, and best practices.
The professional will work closely with other security functions, infrastructure, systems, and business teams, evaluating the improvements and adjustments needed to keep the incident response process effective, and supporting the organization's Cyber Defense strategy.
Key Responsibilities
• Continuously monitor security alerts generated by the SIEM.
• Analyze security events from different sources (proxy, firewall, XDR, Cloud, database, DLP, among others) in order to identify possible incidents or violations, suspicious activities, or indicators of compromise (IOCs).
• Write incident reports containing evidence, root cause analysis, and an action plan, and follow up the identified issues with the responsible teams.
• Manage the flow of security tickets and emails, ensuring the correct registration and follow-up of cases.
• Identify false positives, correlate events, and propose improvements to controls.
• Suggest and develop new SOAR playbooks.
• Contribute to the continuous evolution of monitoring, refinement of rules, and producing KPIs on MTTD (Mean Time to Detection), MTTR (Mean Time to Remediation), and False Positive Rate.
• Configure, create, and review security policies, operational playbooks, and exceptions in defense solutions (XDR, SIEM, SOAR, Email Protection, and other security tools).
• Conduct security investigations and threat hunting activities through in-depth analysis of logs, alerts, and telemetry, identifying anomalous behaviors, indicators of compromise, and potential early-stage threats.
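The MTTD, MTTR, and False Positive Rate KPIs listed above are usually produced from the case-management or SIEM ticket export. The script below is an added example (not part of this posting and not tied to any particular SIEM) showing how those three numbers are derived from triaged tickets. The ticket records, field names (first_seen, detected, remediated, disposition) and disposition labels are constructed for illustration; a real export would need mapping onto them. Two details matter in practice: false positives must be excluded from MTTD and MTTR so that fast closures of noise do not flatter the numbers, and still-open true positives must be excluded from MTTR rather than treated as zero.

```python
from datetime import datetime
from statistics import mean
from typing import Iterable, Optional

# Constructed sample tickets (illustrative, not real SOC data). One record per
# SIEM alert after triage:
#   first_seen  - earliest attacker activity found in the logs during the investigation
#   detected    - when the alert fired
#   remediated  - when the case was closed as remediated (None = still open)
#   disposition - triage outcome: "true_positive" or "false_positive"
SAMPLE_TICKETS = [
    {"id": "INC-1001", "disposition": "true_positive",
     "first_seen": "2024-03-01T08:00:00", "detected": "2024-03-01T08:30:00",
     "remediated": "2024-03-01T12:30:00"},
    {"id": "INC-1002", "disposition": "false_positive",
     "first_seen": "2024-03-01T09:00:00", "detected": "2024-03-01T09:05:00",
     "remediated": "2024-03-01T09:20:00"},
    {"id": "INC-1003", "disposition": "true_positive",
     "first_seen": "2024-03-02T01:00:00", "detected": "2024-03-02T02:30:00",
     "remediated": None},  # still open: counts for MTTD, excluded from MTTR
    {"id": "INC-1004", "disposition": "true_positive",
     "first_seen": "2024-03-02T10:00:00", "detected": "2024-03-02T10:30:00",
     "remediated": "2024-03-02T16:30:00"},
    {"id": "INC-1005", "disposition": "false_positive",
     "first_seen": "2024-03-03T07:00:00", "detected": "2024-03-03T07:01:00",
     "remediated": "2024-03-03T07:10:00"},
]


def _ts(value: Optional[str]) -> Optional[datetime]:
    """Parse an ISO 8601 timestamp; None stays None (open ticket)."""
    return datetime.fromisoformat(value) if value else None


def _mean_minutes(seconds: Iterable[float]) -> Optional[float]:
    """Mean of a series of durations in seconds, returned in minutes; None if empty."""
    values = list(seconds)
    return mean(values) / 60 if values else None


def mttd_minutes(tickets: Iterable[dict]) -> Optional[float]:
    """Mean Time to Detection: first_seen -> detected, true positives only."""
    return _mean_minutes(
        (_ts(t["detected"]) - _ts(t["first_seen"])).total_seconds()
        for t in tickets
        if t["disposition"] == "true_positive"
    )


def mttr_minutes(tickets: Iterable[dict]) -> Optional[float]:
    """Mean Time to Remediation: detected -> remediated, closed true positives only."""
    return _mean_minutes(
        (_ts(t["remediated"]) - _ts(t["detected"])).total_seconds()
        for t in tickets
        if t["disposition"] == "true_positive" and t["remediated"]
    )


def false_positive_rate(tickets: Iterable[dict]) -> Optional[float]:
    """Share of triaged alerts closed as false positive; None if no tickets."""
    records = list(tickets)
    if not records:
        return None
    fps = sum(1 for t in records if t["disposition"] == "false_positive")
    return fps / len(records)


def kpi_report(tickets: Iterable[dict]) -> dict:
    """Bundle the three KPIs plus the open true-positive backlog for a reporting period."""
    records = list(tickets)
    return {
        "alerts_triaged": len(records),
        "mttd_minutes": mttd_minutes(records),
        "mttr_minutes": mttr_minutes(records),
        "false_positive_rate": false_positive_rate(records),
        "open_true_positives": sum(
            1 for t in records
            if t["disposition"] == "true_positive" and not t["remediated"]
        ),
    }


if __name__ == "__main__":
    for key, value in kpi_report(SAMPLE_TICKETS).items():
        print(f"{key}: {value}")
```

On the constructed data this reports an MTTD of 50 minutes, an MTTR of 300 minutes, and a false positive rate of 0.4, with one true positive still open. Reporting the open backlog alongside MTTR is deliberate: MTTR computed only over closed cases looks better as long as the hardest cases stay open.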
Required Skills & Experience
• At least 3 years of experience in SOC/CSIRT teams, working with information security monitoring and incident response.
• Proficiency in networks, protocols, and logs (firewall, proxy, DNS, syslog, endpoint, cloud, etc.).
• Experience with SIEM, EDR/XDR, DLP, WAF, IDS/IPS, and firewall solutions.
• Familiarity with MITRE ATT&CK, OWASP Top 10, CVSS, NIST CSF, and the major attack scenarios at the network and application levels, as well as social engineering, ransomware and other malware, and fraud.
• Experience in event correlation and alert triage.
• Relevant certifications (e.g., Security+, CEH, CHFI) are highly desirable.
• Ability to coordinate incident handling, escalating to technology teams and other stakeholders.
• Practical knowledge of CrowdStrike Falcon, Microsoft Defender for Cloud, Defender for Endpoint, Microsoft Sentinel, and Defender for Office 365 for monitoring, analysis, tuning, use case creation, and operational response within these platforms.
Preferred Qualifications
• Scripting and automation skills, including the integration of new tools and log sources into the SIEM.
• Knowledge of Threat Intelligence to enrich the SOC: understanding of attacker tactics, techniques, and procedures (TTPs), investigation of IOCs and IOAs, data breach investigations, etc.
• Participation in Purple Team exercises and/or attack simulations to enrich threat detection methods.
• Certifications in CrowdStrike and Microsoft solutions.