InfraCloud Technologies | Engineering | Full-time
SecOps Consultant
Overview:
The Security Operations (SecOps) Consultant will coordinate with the SIEM/SOC team to triage alerts, support threat detection, and integrate threat intelligence into response strategies. This role serves as a bridge between the operational security team and IT/engineering, ensuring swift incident response and continuous improvement in detection.
Experience:
3 - 5 years
Deliverables:
1. Threat alert response SOPs and triage playbooks
2. MITRE ATT&CK mapping of existing alert inventory
3. Real-time dashboards and weekly SOC health reports
4. Threat Intelligence enrichment framework
5. Incident post-mortem reports and root cause analyses
Roles & Responsibilities:
1. Alert Triage & Analysis: Systematically investigate security alerts generated from SIEM and EDR/XDR platforms and assess the severity and potential impact of each alert. Closely coordinate with IT and Platform teams to prioritize the mitigation steps that need to be initiated to ensure rapid containment of high-risk incidents while maintaining operational stability.
2. Threat Intelligence Integration: Continuously analyze threat intelligence feeds and incorporate them into the detection ecosystem; this proactive approach allows the consultant to refine detection logic, stay ahead of evolving attack vectors, and ensure that hunting strategies remain current and aligned with the threat landscape.
3. Use Case Development: Design and fine-tune detection rules in collaboration with the SOC team to address both existing and emerging threats; this will involve translating threat intelligence into actionable use cases that strengthen the organization’s overall security posture and improve real-time threat visibility.
4. Incident Support & Coordination: Play a crucial role during security incidents in coordinating response efforts, including containment activities, forensic investigations, and post-incident reporting; this ensures a structured response process, minimizes business disruption, and feeds lessons learned back into preventive controls.
5. Reporting & Dashboards: Deliver regular reports to provide transparency on security operations; these updates will include metrics such as alert volumes, severity classifications, detection rule effectiveness, and response time SLAs, enabling stakeholders to assess and optimize SOC performance.
6. Knowledge Transfer: Create detailed documentation for detection rules and escalation procedures, and coordinate periodic tabletop exercises to build organizational resilience; this knowledge sharing ensures all internal teams are aligned on response processes and can act swiftly during incidents.
Preferred Skillset:
1. SIEM Platforms: Splunk
2. Endpoint: CrowdStrike Falcon, Jamf Pro, Netskope One
3. Threat Intel Platforms: Splunk, Prisma Cloud
4. Frameworks: MITRE ATT&CK, Cyber Kill Chain, NIST 800-61