Security Operations Center (SOC) Tier 3

    Key Responsibilities:

    Incident Response

    • Lead and coordinate the investigation, response, and recovery processes for complex cybersecurity incidents
    • Determine attack impact, root cause, and techniques (TTPs); propose effective containment, eradication, and remediation actions.
    • Collaborate across teams to collect evidence, validate IOC/IOA, and build complete incident timelines.
    • Maintain and enhance operational documentation, including runbooks, playbooks, and IR procedures.
    • Organize and evaluate tabletop exercises and SOAR/playbook effectiveness to drive process improvement.
    • Prepare detailed post-incident reports, conduct lessons learned sessions, and propose preventive measures.
    • Measure and optimize MTTR (Mean Time to Respond) for faster recovery.
    • Train Tier 1 and Tier 2 analysts on escalation procedures and critical incident identification.

    Threat Hunting

    • Design and execute proactive threat-hunting campaigns to detect hidden or emerging threats.
    • Analyze user, process, and network behaviors to uncover new IOC/IOA and attacker techniques (TTPs).
    • Identify potential vulnerabilities or misconfigurations through continuous system assessments.
    • Collaborate with Threat Intelligence teams to transform threat insights into new detection logic or use cases.
    • Validate hunting outcomes with the IR team and document findings in the SOC knowledge base.
    • Support automation initiatives and work with the engineering team on SIEM/XDR tuning.

    Malware Analysis

    • Perform in-depth analysis of suspicious files or binaries (PE, ELF, scripts, macros, etc.) to determine behavior, mechanisms, and impact.
    • Develop IOC, YARA, and Snort rules, and share detection logic with Threat Hunting and SOC teams.
    • Collaborate with IR and Forensics teams to analyze malware from compromised devices.
    • Conduct reverse engineering (static and dynamic) to identify persistence, command-and-control (C2), and evasion techniques.
    • Maintain a secure sandbox environment for malware detonation and testing.
    • Produce detailed technical reports summarizing findings and defensive recommendations.

    Digital Forensics

    • Establish and maintain forensic procedures for evidence collection, preservation, and analysis following standard methodologies.
    • Analyze disk, memory, and network captures to reconstruct attack timelines and determine impact.
    • Collaborate closely with IR and Threat Intel teams in major incident investigations.
    • Use specialized tools such as Autopsy, FTK, EnCase, Volatility, and X-Ways for forensic analysis.
    • Build detailed event timelines and provide forensic evidence for legal or internal reporting.
    • Deliver comprehensive forensic reports with actionable technical recommendations.

    Requirements:

    • Education: Bachelor’s degree in Information Security, Computer Science, or a related field.
    • Experience: At least 5 years of hands-on experience in SOC or equivalent cybersecurity roles.

    Technical Expertise

    Incident Response:

    • Deep understanding of IR frameworks (NIST 800-61, SANS six-phase model).
    • Strong knowledge of enterprise network architecture, Active Directory, and security technologies.
    • Experience handling APT, ransomware, phishing, privilege escalation, and lateral movement attacks.
    • Skilled in analyzing diverse system and security logs; scripting for automation is a plus.
    • Familiarity with SOAR systems and automated playbook design.
    • Proficient in producing detailed technical reports and leading post-incident reviews.

    Threat Hunting:

    • Strong grasp of the MITRE ATT&CK Framework and behavioral detection methods.
    • Experience writing and optimizing detection rules in enterprise or hybrid cloud environments (AWS, Azure, GCP).
    • Proficiency in analyzing logs, process trees, network flows, and endpoint telemetry.
    • Familiar with Threat Intelligence feeds (MISP, OpenCTI, VirusTotal, Shodan, AbuseIPDB, etc.).
    • Scripting ability for automation and data enrichment tasks.
    • Solid understanding of network protocols and multi-source log correlation.

    Malware Analysis:

    • Expertise in both static and dynamic malware analysis.
    • Experience in reverse engineering with C/C++/Python/.NET and understanding Windows/Linux internals.
    • Familiarity with assembly, packing, obfuscation, and anti-debugging techniques.
    • Capable of creating and tuning YARA/Snort rules and extracting IOC data.
    • Knowledge of common malware families such as RATs, Trojans, ransomware, and rootkits.

    Digital Forensics:

    • Knowledge of forensic principles (chain of custody, documentation, integrity).
    • Proficient in tools like Autopsy, FTK, X-Ways, Volatility, and Magnet AXIOM.
    • Skilled in analyzing disk images, memory dumps, and Windows artifacts (registry, prefetch, SRUM, shimcache).
    • Understanding of file systems (NTFS, EXT4, FAT32), OS internals, and email/browser forensics.
    • Experience reconstructing attack timelines and event correlations.

    Preferred:

    • Relevant professional certifications (e.g., GCFA, GREM, GNFA, CEH, CHFI).
    • Good English communication skills.

    Benefits:

    • Competitive compensation with 13-month guaranteed salary.
    • Full social insurance and comprehensive health coverage.
    • Access to internal benefit programs and employee services.
    • Work on national-scale cybersecurity initiatives in a large enterprise environment with strategic, high-impact projects.

    HOW TO APPLY: Please send your CV to the consultant in charge:
    Ms. My Do
    Email: my.do@ev-search.com
    All applications will be considered without regard to race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, parental status, military service or other non-merit factor.