Security Operation Engineer - Remote

NAVA Software solutions is looking for a Security Operations Engineer

Details:

Security Operations Engineer

Location: Remote

Duration: 6-12 months

Security Operations Engineer to join our cybersecurity team and help protect our organization's infrastructure, applications, and data from cyber threats. This role is responsible for the ongoing monitoring, detection, investigation, and remediation of security incidents, as well as maintaining and improving security tools, processes, and automation. The ideal candidate will have a strong background in security monitoring, incident response, SIEM administration, and vulnerability management.

Key Responsibilities

Security Monitoring & Threat Detection

• Monitor and analyze alerts from SIEM and other security tools (e.g., Splunk, QRadar, Sentinel, Elastic Security).
• Investigate suspicious activity, anomalies, and security incidents across networks, systems, and applications.
• Tune security tools and correlation rules to improve detection capabilities and reduce false positives.

Incident Response & Investigation

• Serve as the first responder to security incidents-triaging alerts, performing root-cause analysis, and documenting findings.
• Coordinate incident response efforts with internal teams and, when necessary, external partners.
• Preserve digital evidence and maintain chain-of-custody documentation for potential legal or compliance requirements.

Security Tool Administration & Automation

• Deploy, configure, and maintain security tools such as EDR/XDR, IDS/IPS, firewalls, vulnerability scanners, and log management systems .
• Automate detection and response workflows using SOAR platforms or scripting languages (Python, PowerShell, Bash).
• Maintain playbooks and runbooks for common incident scenarios.

Vulnerability & Patch Management

• Work with IT and DevOps teams to identify, prioritize, and remediate vulnerabilities.
• Schedule and oversee regular vulnerability scans (e.g., Tenable, Qualys, Rapid7).
• Track and report on remediation progress and SLA adherence.

Threat Intelligence & Continuous Improvement

• Leverage threat intelligence feeds to proactively identify and defend against emerging threats.
• Conduct post-incident reviews to identify lessons learned and improve future responses.
• Participate in red team/blue team exercises and security drills.

Qualifications

Required

• Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent experience).
• 8+ years of experience in security operations, SOC, or incident response.
• Strong knowledge of:
  • Network protocols, operating systems (Windows, Linux, macOS), and cloud platforms (AWS, Azure, GCP).
  • SIEM tools and log analysis techniques.
  • Common attack techniques, tactics, and procedures (MITRE ATT&CK framework).
• Experience with endpoint security, intrusion detection, and vulnerability management tools .
• Hands-on scripting and automation skills (Python, PowerShell, or Bash).

Preferred

• Security certifications such as GCIH, GCIA, GCFA, CEH, Security+, or CISSP .
• Familiarity with container security (Docker, Kubernetes) and IaC scanning .
• Exposure to compliance requirements (e.g., PCI DSS, HIPAA, ISO 27001).

Key Competencies

• Strong analytical, troubleshooting, and decision-making skills.
• Ability to work under pressure in fast-paced, high-stakes security incidents.
• Clear communication skills-both written and verbal.
• Collaborative mindset and ability to work cross-functionally with IT, DevOps, and business teams.

Performance Metrics

• Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) improvements.
• Reduction in repeated incidents from the same root cause.
• Efficiency and accuracy of security monitoring and response.
• Uptime and reliability of security tools and monitoring infrastructure