The successful candidate will support the protection, monitoring, and defense of the organization’s technology infrastructure and data assets. They will operate and optimize security tools such as Trellix EDR, Splunk SIEM, Sonatype Nexus, and Tenable Nessus to detect, analyse, and respond to cyber threats.

Along with these technical skills, the incumbent will exercise analytical and coordination capabilities, collaborate with IT and DevOps teams, engage with external vendors or service providers, and must be able to communicate with peers and management on cybersecurity posture, incidents, and risk mitigation progress.

DUTIES AND RESPONSIBILITIES

Monitoring and analysing security events through Splunk SIEM, correlating data from endpoints, network, and vulnerability systems.

Operating Trellix Endpoint Security and EDR to identify, contain, and remediate endpoint threats and suspicious activities.

Supporting the vulnerability management process by running and reviewing Tenable Nessus scans and coordinating remediation with IT teams.

Ensuring secure software management practices through Sonatype Nexus, identifying vulnerable dependencies, and supporting secure DevSecOps pipelines.

Participating in incident response activities including detection, triage, containment, eradication, and recovery.

Developing and maintaining Splunk detection rules, dashboards, and automated alerts aligned with the MITRE ATT&CK framework.

Documenting security events, maintaining SOC playbooks, and supporting internal and external compliance audits (ISO 27001, NIST CSF, GDPR).

Providing situational awareness reports and communicating risk insights to management and stakeholders.

Contributing to the continuous improvement of the Security Operations Center (SOC) by proposing new use cases and optimizing detection coverage.

SKILLS / REQUIREMENTS

Mandatory

Three years’ experience in Cybersecurity Operations, SOC Analysis, or Incident Response roles.

Demonstrated experience with

o EDR platforms (Trellix Endpoint Security / ePO).

o SIEM solutions (Splunk).

o Vulnerability scanners (Tenable Nessus).

o Software component analysis tools (Sonatype Nexus).

Strong understanding of threat detection, incident handling, and vulnerability management processes.

Familiarity with network protocols (TCP/IP, DNS, HTTP/S, SMTP) and log analysis techniques.

Knowledge of MITRE ATT&CK, NIST 800-61, and ISO 27035 security incident frameworks.

Ability to manage multiple incidents or investigations in a fast-paced operational environment.

Excellent analytical, troubleshooting, and reporting skills.

Desirable

Professional certifications such as GCIA, GCIH, Splunk Certified Power User, Trellix Certified Specialist, or Tenable Certified Practitioner.

Experience developing detection logic, correlation searches, or automation workflows in Splunk or SOAR platforms.

Knowledge of scripting languages such as Python, PowerShell, or Bash for automation and data enrichment.

Exposure to DevSecOps practices and secure software development lifecycle (SDLC) integration using tools like Sonatype Nexus.

Familiarity with threat intelligence platforms (TIPs) and integration of IOCs into SIEM systems.

Database knowledge (SQL / NoSQL) for data correlation or threat hunting.

Strong written and verbal communication skills, capable of documenting incidents and presenting findings to technical and non-technical audiences.

Ability to work effectively in a SOC team environment or independently during critical response operations.

Commitment to continuous learning and staying current with emerging cyber threats, vulnerabilities, and technologies