Specialist - SOC Engineering + SOAR

About us:

Metro Global Solution Center (MGSC) is internal solution partner for METRO, a €31.6 Billion international wholesaler with operations in 32 countries through 625 stores & a team of 85,000 people globally. Metro operates in a further 10 countries with its Food Service Distribution (FSD) business and it is thus active in a total of 34 countries.

MGSC, location wise is present in Pune (India), Düsseldorf (Germany) and Szczecin (Poland). We provide HR, Finance, IT & Business operations support to 31 countries, speak 24+ languages and process over 18,000 transactions a day. We are setting tomorrow's standards for customer focus, digital solutions, and sustainable business models. For over 10 years, we have been providing services and solutions from our two locations in Pune and Szczecin. This has allowed us to gain extensive experience in how we can best serve our internal customers with high quality and passion. We believe that we can add value, drive efficiency, and satisfy our customers.

Website: https://www.metro-gsc.in

Company Size: 1050-1100

Headquarters: Pune, Maharashtra, India

Type: Privately Held

Inception: 2011

Job Description

Profile Summary:

●As a Specialist- SOC Engineering, as part of the Cyber Defense Operations Center (CDOC) you will lead advanced security operations with a focus on SIEM and SOAR technologies, driving detection engineering, automated response, and complex incident handling. You'll be responsible for optimizing detection rules, developing playbooks, and managing high-severity incidents from triage to resolution. In parallel, you'll mentor Level 1 and 2 analysts, preparing to lead your own team in the future. While EDR remains part of the security stack, your primary emphasis is on engineering activities around SIEM and SOAR to enhance operational efficiency and threat mitigation. This role requires deep technical expertise, leadership potential, and a proactive approach to evolving threats.

Job Description:

●Manage and maintain NG SIEM solutions like Google Chronicle, Crowdstrike and support in leveraging SOAR capabilities by designing and implementing SOAR playbooks, including necessary integration and automation.

●Support on boarding and maintenance of a wide variety of data sources to include various OS, appliance, and application logs. Create Custom queries, custom dashboards, and visualizations.

●Develop and fine tune content for the different tools including but not limited to SIEM Use Cases, SOAR playbooks, Threat intelligence watchlist and rules.

●Select and recommend additional security solutions or enhance existing security solutions to improve overall METRO detection and response capabilities as per the METRO cyber security strategy.

●Develop appropriate use cases/playbooks/models/reports and alerts & develop custom parsers/connectors for integrating logs, wherever necessary or required.

●Perform analysis on the reported incidents, determine the root cause and recommend the appropriate solution.

●Use and apply learnings from incident and provide recommendation for standardizing the NG SIEM Solution.

●Reduction of False Positives by fine tuning existing correlation rules/configuration/playbooks/models

●Automation with continuous improvements, Reduction in MTTR, MTTD and Improvement of overall posture of NG SIEM deployment to achieve best ROI.

●Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through SOC controls.

●Generate reports and documentation related to platform performance and continuous improvement recommendations for management and stakeholders.

●Ensure the SIEM integration is intact among the SOC solutions and with other assets

●Design, create and customize the dashboards/reports as per the business needs.

●Create and manage NG SIEM knowledge objects to include apps, dashboards, saved and scheduled searches and alerts.

Qualifications

Exp and Qualification:

●Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. A Master's degree or relevant certifications (e.g., CISSP, CISM, SANS/GIAC, ECIH, GCIH, CEH, DFIR) may be preferred.

●7-11 years of total experience in SOC in a large multi-national organization or in a known MSSP. In addition to minimum 8 years of SOC Engineering experience, candidate should posses at least 2 years of experience on Incident Response capabilities.

Technical & Soft Skills:

●In-depth knowledge and hands-on experience with SOC technologies and tools such as Google Chronicle SIEM, CrowdStrike EDR/EPP, Vectra NDR, Recorded Future TI, etc.

●Strong knowledge and skills in scripting, and development of automation and orchestration code.

●Strong hands-on experience with various operating systems, networking protocols, and application architectures.

●In-depth Knowledge of industry standards and frameworks such as MITRE ATT&CK, Magma Framework, NIST CSF, ISO 27001, etc.

●Proficiency in scripting languages (e.g., Python, PowerShell) for automation and analysis.

●Familiarity security operations center (SOC) operations, incident response, threat detection, and vulnerability management.

●Analytical and problem-solving skills to identify and troubleshoot SOC platform technical issues.

●Ability to adapt to changing security threats and evolving business requirements.

●Strong organizational and time management skills with the ability to coordinate and prioritize multiple tasks simultaneously.

●Ability to work under pressure, especially during critical security incidents.

●Ability to conduct independent research and analysis, identifying issues, formulating options, and making conclusions and recommendations.

●Skilled in developing professional documentation and detailed reporting (including PowerPoint presentations), including policies, standards, processes and procedures

●Very high attention to detail, with strong skills in managing/presenting data and information.

●Demonstrable conceptual, analytical and innovative problem-solving and evaluative skills.

●Excellent communication and interpersonal skills to effectively collaborate with stakeholders, and internal teams.

Skills Required
crowdstrike , Scripting, Siem, Iso 27001, EDR, SOAR, Python, Powershell