Senior SOC Analyst
Location: Bogotá, Edificio Palo verde - Avenida 19 # 96-07
Posted: 5 days ago
Job type: Worker
Reference: R099543

Role Overview

We are seeking an experienced Senior SOC Analyst to join our cybersecurity team. This role is responsible for orchestrating and responding to incidents, following processes, playbooks, and best practices.

The professional will work closely with other security fronts, infrastructure, systems, and business teams, evaluating improvements and adjustments necessary for the effectiveness of the incident response process, as well as supporting the organization's Cyber Defense strategy.

Key Responsibilities

• Continuously monitor security alerts generated by the SIEM.

• Analyze security events from different sources (proxy, firewall, XDR, Cloud, database, DLP, among others) in order to identify possible incidents or violations, suspicious activities, or indicators of compromise (IOCs).

• Write incident reports containing evidence, root cause analysis, and an action plan, and address the identified issues with the responsible teams.

• Handle L2 and L3 incidents.

• Identify false positives, correlate events, and propose improvements to controls.

• Suggest and develop new SOAR playbooks.

• Contribute to the continuous evolution of monitoring, the refinement of detection rules, and the production of KPIs on MTTD (Mean Time to Detection), MTTR (Mean Time to Remediation), and False Positive Rate.

• Configure, create, and review security policies, operational playbooks, and exceptions in defense solutions (XDR, SIEM, SOAR, Email Protection, and other security tools).

• Conduct security investigations and threat hunting activities through in-depth analysis of logs, alerts, and telemetry, identifying anomalous behaviors, possible indicators of compromise, and potential early-stage threats.

Required Skills & Experience

• At least 5 years of experience in SOC/CSIRT teams, working with information security monitoring and incident response, and digital fraud investigation.

• Proficiency in networks, protocols, and logs (firewall, proxy, DNS, syslog, endpoint, cloud, etc.).

• Experience with security solutions such as SIEM, EDR/XDR, DLP, WAF, IDS/IPS, and firewalls.

• Familiarity with MITRE ATT&CK, OWASP Top 10, CVSS, NIST CSF, and major attack scenarios, whether at the network level or application level, or involving social engineering, ransomware and other malware, fraud, among others.

• Experience in event correlation and alert triage.

• Relevant certifications (e.g., Security+, CEH, CHFI) are highly desirable.

• Fluency in English.

• Ability to orchestrate incidents, escalating to technology teams and other stakeholders.

• Practical knowledge of CrowdStrike Falcon, Microsoft Defender for Cloud, Defender for Endpoint, Microsoft Sentinel, and Defender for 365 solutions for monitoring, analysis, tuning, use case creation, and operational responses within these platforms.

Preferred Qualifications

• Knowledge of scripting and automation, including the integration of new tools into the SIEM.

• Knowledge of threat intelligence to enrich the SOC: understanding of the tools, techniques, and procedures (TTPs) used in attacks, investigation of IOCs and IOAs, data breach investigations, etc.

• Participation in Purple Team exercises and/or attack simulations to enrich threat detection methods.

• Certifications in CrowdStrike and Microsoft solutions.
