Sr. SOC Engineer

• Manage and optimize the performance of SIEM and XDR solutions (Wazuh) to ensure effective security monitoring, incident detection, and response.
• Monitor and respond to security alerts from SIEM, EDR, XDR, and AV/AM tools, ensuring timely containment and remediation of threats.
• Investigate, contain, and remediate security incidents in real time, performing root cause analysis and impact assessments.
• Perform vulnerability risk and impact analysis with actionable remediation recommendations to reduce organizational risk.
• Conduct forensic analysis, log correlation, and incident reporting for comprehensive post-incident reviews.
• Leverage threat intelligence from multiple sources to proactively ingest, analyze, and prioritize emerging threats, reducing the likelihood of successful cyberattacks.
• Utilize MITRE ATT&CK, Cyber Kill Chain, and SANS PICERL frameworks for threat modeling, detection strategy, and incident response.
• Develop and maintain custom YARA rules for malware detection, integrating insights from Red Hat Insights and Bitdefender EDR for enhanced endpoint protection.
• Analyze trends and security logs from firewalls, network appliances, Linux servers, A-WAFs, DDoS mitigations, API security, and identity management systems to identify and mitigate advanced threats.
• Understand and apply Palo Alto Networks threat detection capabilities for next-gen firewall and advanced threat prevention.
• Configure and maintain Security Onion for network traffic analysis, threat hunting, and incident response.
• Manage and optimize Tenable Nessus for vulnerability assessment and ensure timely remediation.
• Integrate Dynatrace AppSec (RAV & RAP) for application-level security monitoring and vulnerability detection.
• Maintain Cisco ESA and GTB DLP solutions for data loss prevention and email security.
• Enhance the usage of Syslog for centralized log management and implement UEBA for behavior-based anomaly detection.
• Implement and maintain SOAR capabilities to automate incident response and streamline SOC workflows.
• Ensure compliance with CIS Benchmarks, PCI-DSS, ISO 27001, and NIST standards, maintaining industry best practices across all security processes.
• Participate in regular security reviews, incident response exercises, and continuous improvement initiatives.
• Provide technical leadership and mentorship to the security operations team, sharing knowledge and promoting best practices.
• Collaborate with cross-functional teams to strengthen the organization's overall security posture and ensure alignment with business objectives.
• Demonstrate the ability to work under pressure during high-severity incidents while maintaining accuracy, composure, and effective communication.
• Develop custom scripts and automation tools to eliminate repetitive tasks, improve detection capabilities, and enhance SOC efficiency.
• Conduct risk-based vulnerability assessments and penetration tests on networks and applications.
• Continuous review of Indicators of Attack (IoAs) and Indicators of Compromise (IoCs).

We are looking for

• Education: Bachelors in Software, IT, Cybersecurity or relevant fields
• Experience: 3-6 years of experience in SOC or cybersecurity

Skills

• Strong hands-on skills in implementing and using Security Information and Event Management (SIEM) tools, including log analysis, creation of correlation rules, and SIEM administration.
• Strong foundation in Linux, networking, and core cybersecurity concepts.
• Knowledge of Kali Linux, IDS/IPS, firewalls, threat intelligence platforms, threat hunting, SOAR, automation, and other security solutions.
• Hands-on experience with security monitoring and response tools, including Wazuh, Palo Alto Cortex XDR/XSIAM, Rapid7 IVM & IDR, Bitdefender EDR, and GTB eDLP.
• Understanding of the threat landscape in fintech and associated attack vectors.
• Familiarity with compliance and regulatory frameworks such as PCI-DSS, NIST, and ISO 27001.
• Exposure to the incident management lifecycle, including detection, investigation, containment, eradication, and recovery.
• Knowledge of advanced threat hunting techniques and digital forensics.
• Proficiency in Python, Bash scripting, and Linux administration for automation and incident response.
• Basic understanding of database concepts and their security implications.
• Strong critical thinking, analytical, and problem-solving skills with attention to detail.
• Proactive, self-managed, and able to work seamlessly with cross-functional technical teams.
• Relevant certifications such as CISSP, CEH, CompTIA Security+, OSCP, or equivalent (preferred).
• Prior experience in a Security Operations Center (SOC) environment is a must.
• Strong verbal and written communication skills for effective collaboration and reporting.
• Excellent troubleshooting, organizational, and documentation skills.
• Ability to work in 24/7 shift rotations and perform effectively under high-pressure scenarios.

Tools

• Wazuh
• Security Onion
• Linux
• Bitdefender
• Email Security
• XDR (Cortex/SentinelOne)
• Automation
   

i2c’s mission is to empower our clients to create differentiated payment and banking experiences for consumers and businesses around the world. We build the payment technology and services that financial institutions, fintech’s and brands, Banking as a Service (BaaS) providers and aggregators, and government agencies need to deliver high-impact, personalized payments and commerce solutions that build loyalty and engage today’s consumers in new ways, creating more profitable relationships. Our proprietary “building block” technology allows clients to easily create and manage a comprehensive set of solutions for credit, debit, prepaid, lending and more, quickly and cost-effectively. We deliver unparalleled flexibility, agility, security and reliability from a single global Software as a Service (SaaS) platform.