SOC Engineer

We are seeking a technical SOC Specialist with 3-5 years' experience to drive high-level incident response and threat detection within our 24/7 Security Operations Center. This role is responsible for the full incident lifecycle—from initial triage and traffic analysis to host recovery and remediation. The ideal candidate combines deep knowledge of Windows/Linux environments with the ability to design automated SOAR playbooks that enhance our defensive posture.

Location: Abu Dhabi, Abu Dhabi Emirate, United Arab Emirates
Work Conditions: Full-time, shift work required

Responsibilities:

• Incident Management & Response

  • Provide continuous 24/7 oversight of security events and alerts.
  • Manage and categorize alerts from SIEM, Anti-DDoS, and other security solutions based on urgency and risk.
  • Lead technical response activities, including host triage, containment, and recovery.
  • Conduct remote system analysis and implement remediation efforts using strong correlation skills.
  • Maintain the full incident response lifecycle and ensure all actions adhere to established SLAs (Service Level Agreements).

• Security Automation & Intelligence

  • Identify opportunities for automation in manual workflows and design automated playbooks and modules in the SOAR platform.
  • Apply a detailed understanding of the MITRE ATT&CK Framework to identify and map attacker techniques.
  • Analyze global threat landscapes, including cyber threat intelligence, new vulnerabilities, and exploit code to stay ahead of adversaries.
  • Study vulnerabilities and provide technical recommendations for corrective actions and reporting.

• Technical Expertise & Maintenance

  • Maintain deep knowledge of Security Technologies, Operating Systems (Windows & Linux), and deep-packet analysis tools like Wireshark.
  • Utilize extensive experience in log correlation and analysis to detect and investigate suspicious patterns.
  • Ensure all findings, communication, and mitigation steps are thoroughly recorded in the ticketing system.

Qualifications:

• BSc in Computer Science, Electrical/Computer/Software Engineering.
• Mandatory: SIEM Based Trainings, FortiSOAR Training.
• Preferred: GCIH Certified, Incident Handler Training, Linux+, Security+, CCNA, CCNA Security, FortiSOAR Certification.
• Thorough experience in Security Operations Center environment and handling Cyber Security Incidents.
• Experience with SIEM technologies such as ArcSight, Microsoft Sentinel, etc., and Threat Intelligence Platforms.
• Expertise in gauging automation potential in SOC manual processes/workflows and designing their transformation into automated SOC/IR playbooks and modules within FortiSOAR.
• Understanding of the global threat landscape by analyzing cyber threat intelligence.
• Extensive experience in Incident Response activities and skilled in Log Analysis.
• Ability to write and execute complex queries using KQL (Kusto Query Language).
• Experience with Anti-DDoS solutions, preferably at a Service Provider level.
• Monitoring experience of security tools like SIEM, Anti-DDoS, IPS, EDR, firewalls, and MFA systems.
• Flexible to work in shifts and willing to assist team overtime if needed.
• Awareness of Security best practices and concepts.
• Comfortable with a high-tech work environment, and constant learning of new tools and innovations.
• Good analytical, technical, written, and verbal communication skills.
• Strong team player, able to multi-task in a fast-paced and demanding work environment.
• Highly result-oriented and able to work with less guidance.
• Sound understanding of common network services (Web, Mail, FTP, DNS, etc.), network vulnerabilities, and network attack patterns.
• Hold an analytical and research-oriented mindset driven by situational awareness.