Black & Grey HR is recruiting for an established technology solutions and services provider in Doha, Qatar. Our client is seeking a SOC Engineer to strengthen its Security Operations Center (SOC) by monitoring, detecting, investigating, and responding to cybersecurity incidents across enterprise IT environments. This role is ideal for professionals with hands-on SOC experience who are passionate about threat detection, incident response, and maintaining a strong organizational security posture.
Key Responsibilities
Security Monitoring & Incident Detection
- Monitor security alerts generated from SIEM, XDR, EDR, NDR, IDS/IPS, firewalls, and cloud security platforms.
- Identify, validate, triage, and prioritize security incidents based on severity, impact, and business risk.
- Continuously monitor security events to detect malicious activities and potential threats.
Incident Response & Threat Investigation
- Investigate security incidents and perform root cause analysis.
- Analyze malware, attack techniques, and suspicious activities to determine impact and remediation actions.
- Coordinate containment, eradication, and recovery activities with internal teams.
- Escalate high-severity incidents following established incident response procedures.
Threat Hunting & Detection Engineering
- Perform proactive threat hunting activities using scheduled queries and threat intelligence.
- Monitor threat hunting dashboards and validate suspicious indicators of compromise.
- Identify emerging attack patterns and recommend improvements to detection capabilities.
Vulnerability Management & Security Operations
- Review vulnerability assessment results and monitor remediation progress.
- Validate patch implementation and ensure timely closure of remediation activities.
- Support day-to-day security operations and ensure compliance with operational procedures.
Reporting & Operational Excellence
- Maintain accurate incident records, investigation notes, and ticket updates.
- Prepare daily operational reports, shift handover documentation, and incident summaries.
- Ensure compliance with defined SLAs and operational performance metrics.
- Contribute to continuous improvement of SOC processes and security operations.
Requirements
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- 1–4 years of hands-on experience working in a Security Operations Center (SOC).
- Experience monitoring SIEM, EDR/XDR, IDS/IPS, firewalls, email security, and cloud security platforms.
- Good understanding of incident triage, security event classification, escalation procedures, and ticket management.
- Strong understanding of networking fundamentals including TCP/IP, DNS, HTTP/HTTPS, VPN, routing, switching, and common network protocols.
- Experience working with Windows and Linux operating systems, endpoint security, and system log analysis.
- Knowledge of common cyber threats including phishing, ransomware, malware, brute force attacks, web attacks, and insider threats.
- Preferred certifications:
  - CompTIA Security+
  - CompTIA CySA+
  - EC-Council Certified Network Defender (CND)
  - Cisco CyberOps Associate
  - Microsoft SC-200
- Additional certifications such as CHFI or DFIR Foundations will be an advantage.
Required Skillset
- Security Information & Event Management (SIEM) monitoring and alert analysis.
- Endpoint Detection & Response (EDR/XDR) and Network Detection & Response (NDR).
- Incident detection, triage, investigation, and response.
- Threat hunting and threat intelligence analysis.
- Vulnerability management and remediation tracking.
- Log analysis across endpoints, servers, firewalls, proxies, Active Directory, cloud platforms, and security appliances.
- Basic scripting skills using PowerShell, Python, or Bash for automation and log analysis.
- Strong documentation, communication, and incident reporting skills.
- Ability to work in a 24×7 SOC environment and collaborate effectively during security incidents.
Benefits
- Competitive Salary + Benefits Package