Software Engineer - SOC

About The Position

Requirements

• 2–4 years of experience in information security, security engineering, or a related field
• Hands-on experience with SIEM platforms, EDR tools, IDS/IPS, firewalls, and vulnerability management systems
• Experience with incident response and security investigations
• Strong understanding of cloud environments (AWS, GCP, or Azure) and associated security considerations
• Proficiency in at least one programming or scripting language (e.g., Python, Bash, or Go) with the ability to build automation and tooling
• Familiarity with software engineering fundamentals (data structures, APIs, version control, testing)

Nice To Haves

• Experience in Incident Response, Malware Analysis, and Threat Hunting
• Background in SOC, or SecDevOps practices
• Experience building or maintaining internal security tools or platforms
• Knowledge of distributed systems and observability (logging, metrics, tracing)
• Familiarity with CI/CD pipelines and infrastructure-as-code (e.g., Terraform)
• Relevant certifications (e.g., GCIA or similar)

Responsibilities

• Monitor, analyze, and triage security events and alerts across distributed systems to identify potential incidents and anomalous behavior
• Lead end-to-end incident response, including investigation, containment, eradication, and recovery, with an emphasis on scalable and repeatable processes
• Perform deep-dive root cause analysis of sophisticated attacks spanning infrastructure, network, and application layers, including code-level vulnerabilities
• Design, build, and maintain automation frameworks to improve detection and response efficiency (e.g., auto-remediation, alert enrichment pipelines)
• Develop and maintain detection logic (rules, queries, behavioral analytics) using engineering best practices such as version control, testing, and CI/CD
• Create and continuously improve incident response playbooks as modular, reusable, and programmatic workflows
• Fine-tune alerting systems to reduce noise and false positives through data analysis, feedback loops, and algorithmic improvements
• Collaborate closely with SRE, DevOps, IT and engineering teams to remediate vulnerabilities and improve system security and reliability
• Engineer and enhance SIEM capabilities, including log ingestion pipelines, normalization, correlation rules, and integrations
• Implement and scale security monitoring solutions across cloud-native and distributed environments
• Conduct proactive threat hunting using data-driven and hypothesis-based approaches
• Enrich and correlate telemetry using IOCs, threat intelligence feeds, and custom-built data pipelines
• Contribute to SOC tooling and internal platforms by writing clean, maintainable, and efficient code
• Participate in architecture and design discussions to embed security into systems from the ground up
• Drive and contribute to broader security engineering and SOC modernization projects