Threat Management Specialist at Assurit
Remote, Oregon, USA
Full Time


Start Date

Immediate

Expiry Date

30 Nov, 25

Salary

0.0

Posted On

01 Sep, 25

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Information Technology, CISSP, Boolean Logic, Azure, Communication Skills, Vendors, Computer Science, Cloud Security, Threat Intelligence, Anomaly Detection, AWS, SSCP, Predictive Analytics, Network Traffic Analysis

Industry

Information Technology/IT

Description

MINIMUM QUALIFICATIONS:

  • Bachelor’s degree in Computer Science, Information Technology, or related field.
  • 3+ years of IT security experience with exposure to AI/ML projects.
  • 2+ years of experience in network traffic analysis.
  • Strong understanding of TCP/IP fundamentals, Boolean logic, and network-level exploits.
  • Knowledge of IDS/IPS technologies, architectures, vendors, and methodologies.
  • Hands-on experience with IDS/IPS signatures, anomaly-based detection, and signature creation.
  • Experience with cloud security (AWS, Azure, GCP).
  • Familiarity with cybersecurity automation and SOAR platforms.
  • Proficiency with machine learning frameworks for anomaly detection, threat intelligence, and behavioral analysis.
  • Ability to preprocess and transform large datasets (logs, network traffic, etc.) for ML applications.
  • Knowledge of applying AI/ML techniques in cybersecurity, including predictive analytics, automated detection, and incident response automation.
  • Strong oral and written communication skills with excellent interpersonal and organizational abilities.
  • Understanding of risk management techniques and security control frameworks.

PREFERRED QUALIFICATIONS:

  • One or more relevant certifications such as GIAC Certified Enterprise Defender (GCED), GIAC Security Essentials (GSEC), CISSP, or SSCP.
  • Experience evaluating AI/ML solutions in SOC environments.
  • Strong problem-solving skills with proven ability to identify and implement automation use cases.
Responsibilities

ABOUT THE ROLE:

We are seeking experienced Threat Management Specialists to support cybersecurity operations and incident response. This role requires deep-dive incident analysis, correlation of data across multiple platforms, and the ability to determine the scope and impact of potential security incidents. The specialist will leverage advanced tools, including AI/ML and SOAR, to enhance detection, response, and overall SOC efficiency.

KEY RESPONSIBILITIES:

  • Perform deep-dive analysis of security incidents by correlating data from various sources to determine scope, severity, and impact.
  • Identify cybersecurity problems and recommend mitigating controls.
  • Analyze network traffic to identify intrusion attempts or exploit-related activity.
  • Recommend and configure detection mechanisms for intrusion or exploit attempts.
  • Provide subject matter expertise on network-based attacks, traffic analysis, and intrusion methodologies.
  • Escalate complex incidents requiring further investigation to senior team members.
  • Execute operational processes supporting incident response and remediation efforts.
  • Leverage AI/ML-based tools to detect anomalies, automate incident triage, and enhance SOC capabilities.
  • Perform threat intelligence analysis to assess risk and adapt defenses using ML-enhanced tools.
  • Manage email security through Proofpoint, including monitoring, detection, and response to threats.
  • Configure and use Splunk for log analysis, alert creation, and incident investigation.
  • Deploy and manage Cisco Firepower for network monitoring and traffic analysis.
  • Deploy and manage SentinelOne agents, monitor alerts, and conduct security assessments.
  • Monitor and respond to alerts across platforms including Microsoft Defender for Cloud Apps, Defender for Endpoint, Defender XDR, Defender for Office 365, Microsoft Entra ID (formerly Azure AD), and Google Cloud Security Command Center (SCC).
  • Conduct threat detection, investigation of suspicious activity, incident response coordination, and remediation actions.
  • Tune security policies and maintain visibility into cloud and endpoint environments.
  • Stay up-to-date on emerging cybersecurity threats, AI/ML research, and attack methodologies.
  • Identify and implement automation use cases to enhance SOC efficiency and reduce manual workload.
  • Collaborate with cross-functional teams to improve SOC processes through AI/ML and automation.