Cybersecurity Operations Engineer

• Monitor and triage security alerts from SIEM, EDR, and other security platforms.

• Investigate security incidents, perform root cause analysis, and support containment, eradication, and recovery activities.

• Assist in maintaining and updating incident response playbooks and operational runbooks.

• Operate and maintain security tools including SIEM, EDR, NDR, WAF, and cloud security services.

• Support tuning of detection rules, alert logic, and log source onboarding.

• Use threat intelligence and MITRE ATT&CK techniques to improve detection coverage.

• Perform vulnerability scanning and support penetration testing activities.

• Analyse vulnerabilities, assess risk, and track remediation with system owners.

• Help monitor security baselines and identify configuration drift across systems and cloud environments.

• Work closely with SOC, infrastructure, cloud, and application teams to resolve security findings.

• Support security reporting, metrics tracking, and audit evidence collection.

• Participate in security awareness activities, tabletop exercises, and simulations.

Qualifications

• 3-6 years of experience in cybersecurity operations, SOC, or incident response roles.

• Hands-on experience with SIEM and endpoint security tools.

• Familiarity with vulnerability management and incident response processes.

• Knowledge of security frameworks such as NIST, ISO 27001

• Relevant certifications is preferred (e.g. CEH, Security+, GCIH, AWS Security).

EA Licence No: 11C5502 | EAP Registration No: R1106192