Senior Security Engineer

We are seeking a highly skilled Senior Security Engineer with strong expertise in Endpoint Detection & Response (EDR / XDR) tools (e.g., CrowdStrike Falcon), Security Information and Event Management (SIEM) platforms (e.g., Splunk, Google SecOps / Chronicle), Cloud Security across AWS, Azure, and GCP. The ideal candidate will have Deep investigation skills and cloud threat detection capabilities, Proven experience as Incident Commander during critical incidents, awareness of recent threats and adversarial techniques, Ability to quickly understand complex environments, Strong business and interpersonal skills to manage risks and collaborate with cross-functional teams

HOW YOU'LL SPEND YOUR TIME HERE :

Serve as a senior escalation point for high-severity alerts and incidents across on-prem, endpoint, and cloud workloads

Perform deep-dive investigations into complex threats such as Cloud-native attacks, Malware and ransomware, Insider threats, Advanced Persistent Threat (APT) campaigns

Correlate telemetry from EDR / XDR, SIEM, CSPM, and threat intel sources to detect sophisticated threats

Lead Major Incident Response as Incident Commander, coordinating SOC, IR, Cloud, and IT teams

Drive containment, eradication, and recovery for both on-premises and cloud security incidents

Deliver comprehensive post-incident reports with actionable remediation guidance

Lead and participate in Blue / Red team exercises to improve detection logic and align with MITRE ATT&CK

Mentor SOC analysts and junior engineers in advanced investigations and cloud IR

Review and update SOPs, protocols, and capabilities to address emerging threats

Develop metrics and scorecards to measure Organizational risk, SOC operational effectiveness and efficiency

WE'D LOVE TO TALK TO YOU IF YOU HAVE MANY OF THE FOLLOWING :

5- 8 years experience

EDR / XDR : Strong hands-on experience with CrowdStrike Falcon

SIEM : Expertise in Splunk and / or Google SecOps (Chronicle)

Cloud Security : Skilled in cloud monitoring (AWS, Azure, GCP) and incident handling

Incident Response : Proven track record as Incident Commander handling multi-vector incidents

OS Knowledge : Deep understanding of Windows and Linux internals

DLP Tools : Proficiency with MS Defender, Zscaler

CSPM Tools : Familiarity with Wiz, Qualys, AWS Security Hub, Azure Defender, GCP SCC

SOAR Platforms : Experience with Splunk SOAR, Google Siemplify

Scripting : Python, PowerShell, or similar for automation (preferred)