BANGALORE, IND
1 day ago
Security Consultant-SOC Analyst L2
**Introduction**

At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, let's talk.

**Your role and responsibilities**

* Monitor EDR alerts.
* Perform threat-intelligence-based and hypothesis-driven threat hunting using SIEM logs.
* Analyze and tune threat monitoring dashboards.
* Support the incident response team during major security incidents with advanced investigation skills.
* Work closely with the SOC team on incident detection, triage, analysis, and response.
* Handle L2 and higher technical escalations from the L1 Operations team and resolve them within SLA.
* Identify process and technology gaps and drive them to closure.
* Fine-tune existing SIEM use cases (correlation rules) to reduce false positives.
* Generate reports and conduct trend analysis.
* Walk customers and stakeholders through the daily, weekly, and monthly SOC reports.
* Explore security technologies available in the industry.
* Mentor and monitor L1 team members in their daily activities.
* Provide knowledge transfer (KT) and training to other team members.
* Create and maintain known-error databases (KEDBs), SOPs, runbooks, asset inventories, risk classifications, critical application flow diagrams, network flow diagrams, and privileged user lists.
* Perform and review the tasks identified in the daily task list.
* Coordinate with internal customers to address security-related issues and provide solutions.
* Work in a 24x7 rotational shift model, including night shifts.
* Drive and support change management.

**Required technical and professional expertise**

* 2 to 3+ years of IT security experience, with at least 2+ years in a Security Operations Center (SOC) working with SIEM and EDR tools.
* Hands-on experience managing SIEM solutions on public or private clouds such as AWS and Azure.
* Proven expertise in SIEM tools such as QRadar, Splunk, and McAfee ESM.
* Experience with SOAR tools such as QRadar Resilient and Palo Alto XSOAR.
* Data-driven threat hunting using SIEM and other threat-hunting tools.
* Ability to recognize and respond to security threats based on intrusion signatures.
* Active tracking of the latest security vulnerabilities, advisories, and incidents.
* Ability to identify security gaps and propose appropriate solutions.

**Preferred technical and professional experience**

* Certifications: CEH, ECIH, or CompTIA CySA+ (Cybersecurity Analyst).
* Ability to work independently towards agreed targets and goals with a creative approach.
* Strong time management skills and adaptability to change.
* Excellent interpersonal skills, contributing to team effort and delivering results.
* Up to date with the latest security trends through educational workshops and publications.
* Knowledge of shell scripting, AIX, Linux, or Python is an added advantage.