Location: Krungthep Kreetha
Website: https://www.bgrimmpower.com/en/home
Job Scope:
- Lead the deployment, configuration, tuning, and maintenance of SIEM and SOAR platforms for effective threat detection and response.
- Develop and optimize detection use cases, correlation rules, alerts, enrichment strategies, response actions, and dashboards based on threat intelligence and business requirements.
- Integrate diverse security telemetry sources (endpoint, network, cloud, identity, etc.) into the SIEM, and connect the SOAR platform to EDR, threat intelligence feeds, and notification and ticketing systems to support automated response.
- Continuously evaluate and improve SOAR playbooks to ensure scalability and reduce false positives.
- Automate routine response actions using SOAR tools to reduce manual effort and improve mean time to detect (MTTD) and mean time to respond (MTTR).
- Perform proactive threat hunting using SIEM, SOAR, and EDR data to detect advanced persistent threats (APTs) and insider threats.
- Provide mentorship and technical guidance to Security Operations Center (SOC) team members to enhance detection capabilities.
- Collaborate with IT, Infrastructure, DevOps, and application teams to ensure comprehensive and accurate security telemetry.
- Support compliance and audit requirements by generating reports and providing evidence of security monitoring activities.
- Evaluate emerging SIEM and SOAR technologies to enhance the organization's security monitoring capabilities.
- Document detection methodologies, incident handling procedures, and operational workflows.
- Communicate effectively with internal stakeholders and external clients to build strong relationships and ensure successful outcomes.
Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent practical experience).
- Minimum 5 years of experience in cybersecurity roles, with a focus on SIEM, SOAR, XDR, or related security monitoring tools.
- Proven hands-on experience with leading SIEM platforms such as Google SecOps, Splunk, Microsoft Sentinel, or equivalents.
- Proficiency with security technologies including EDR, SIEM, SOAR, IDS/IPS, firewalls, and cloud-native security solutions (AWS, Azure, GCP), including their integration.
- Strong understanding of network protocols, endpoint security, cloud security, and identity/access management principles.
- Familiarity with detection rule languages such as YARA-L 2.0 (Google SecOps) and with scripting or programming languages such as PowerShell, Python, or similar for automation and data processing.
- Deep understanding of the incident response lifecycle and threat intelligence utilization.
- Strong analytical and problem-solving abilities, with attention to detail.
- Excellent communication skills and ability to work collaboratively in cross-functional teams.