SOC Specialist

This is a hybrid role (3 days in office / 2 days remote).

About your team:

We are seeking an experienced SOC Specialist to help strengthen, modernize, and optimize our Security Operations capabilities. This role sits at the intersection of security operations, detection engineering, security automation, and incident response.

The ideal candidate is passionate about improving SOC effectiveness through better detection logic, SIEM/XDR optimization, automation, threat detection engineering, and operational process improvements. You will play a key role in reducing alert fatigue, improving signal-to-noise ratio, accelerating response times, and enhancing overall security visibility across the enterprise.

This position requires hands-on experience with enterprise security technologies, log analytics, threat detection, incident investigations, and security automation platforms.

What will be your responsibilities within IBKR:

• Security Monitoring & Incident Response
  • Monitor, analyze, investigate, and respond to security alerts and incidents across enterprise environments.
  • Perform triage and escalation of security events in accordance with incident response procedures.
  • Conduct root cause analysis and document findings, containment actions, and remediation recommendations.
  • Participate in incident response activities, including malware investigations, insider threat investigations, and account compromise incidents.
  • Support threat hunting and proactive detection activities.
  Detection Engineering
  • Develop, tune, and optimize SIEM detection rules, correlation searches, analytics, and alerting mechanisms.
  • Create and maintain high-fidelity detections mapped to MITRE ATT&CK techniques and adversary behaviors.
  • Continuously improve detection coverage across endpoints, cloud platforms, identity systems, networks, and applications.
  • Measure and improve detection effectiveness through detection engineering metrics and validation exercises.
  • Reduce false positives and improve alert quality through continuous tuning and optimization.
  SIEM, XDR & Security Platform Management
  • Administer and optimize security monitoring platforms including SIEM, XDR, EDR, NDR, and cloud security tooling.
  • Maintain log ingestion pipelines, data normalization, parsing, enrichment, and retention strategies.
  • Validate health, performance, and scalability of security monitoring infrastructure.
  • Collaborate with infrastructure, cloud, and application teams to onboard new log sources and security telemetry.
  Security Automation & SOAR
  • Design, develop, and maintain SOAR playbooks and automated response workflows.
  • Automate repetitive SOC tasks to improve analyst efficiency and reduce response times.
  • Integrate security tools using APIs, scripting, and workflow orchestration platforms.
  • Develop automated enrichment, containment, and investigation processes.
  Threat Intelligence & Threat Hunting
  • Leverage threat intelligence feeds and indicators of compromise (IOCs) to improve detection capabilities.
  • Conduct threat hunting activities using endpoint, network, cloud, and identity telemetry.
  • Research emerging threats, attacker techniques, and vulnerabilities affecting the organization.
  • Assist with purple team exercises and detection validation efforts.
  Security Operations Improvement
  • Identify opportunities to improve SOC processes, workflows, runbooks, and operational metrics.
  • Develop and maintain SOC documentation, playbooks, and standard operating procedures.
  • Support vulnerability management initiatives and risk-based remediation efforts.
  • Contribute to SOC maturity improvements aligned with industry frameworks and best practices.
  Security Operations
  • Overall 8+ years of experience of which 3+ years of experience in a Security Operations Center (SOC), Detection Engineering, Incident Response, or Cyber Defense role.
  • Strong understanding of incident detection, triage, investigation, containment, and response processes.
  • Experience analyzing security events from multiple data sources including endpoints, network devices, cloud platforms, and identity providers.
  SIEM & Security Monitoring

  Hands-on experience with one or more SIEM platforms:

  • Splunk Enterprise Security
  • Sentinel One Singularity Data Lake
  • Microsoft Sentinel
  • QRadar
  • LogRhythm
  • Elastic Security
  • Google Chronicl

Which skills are required:

• • Palo Alto Networks
  • Cisco Security products
  • Fortinet
  • Check Point
  • Zscaler
  Cloud Security

  Experience monitoring and securing cloud environments:

  • AWS
  • Microsoft Azure
  • Google Cloud Platform (GCP)

  Understanding of:

  • Cloud-native security controls
  • IAM
  • Cloud logging and monitoring
  • Cloud threat detection
  Operating Systems

  Strong working knowledge of:

  • Windows Server
  • Active Directory
  • Microsoft Entra ID (Azure AD)
  • Linux administration and security
  Scripting & Automation

  Experience developing automation using:

  • Python
  • PowerShell
  • Bash
  • C#

  Ability to:

  • Consume APIs
  • Automate security workflows
  • Build integrations between security platforms
  Security Frameworks & Methodologies

  Knowledge of:

  • MITRE ATT&CK
  • Cyber Kill Chain
  • NIST Cybersecurity Framework
  • Incident Response Lifecycle
  • Detection Engineering principles

• Experience building and maintaining SOAR platforms such as:
  • Cortex XSOAR
  • Splunk SOAR
  • Microsoft Sentinel Automation
  • Tines
  • Swimlane
• Experience with threat hunting methodologies and purple team exercises.
• Experience with adversary emulation and detection validation tools.
• Familiarity with:
  • AttackIQ
  • SCYTHE
  • Atomic Red Team
  • Caldera
• Experience supporting:
  • Vulnerability management programs
  • Exposure management initiatives
  • Security control validation
• Experience with cloud security tooling:
  • Microsoft Defender for Cloud
  • Wiz
  • Orca
  • Prisma Cloud
  • Lacework
• Familiarity with Identity Threat Detection and Response (ITDR) technologies.
• Experience supporting zero trust security initiatives.
• Exposure to DevSecOps, CI/CD security, and container security technologies.
• Knowledge of Kubernetes, Docker, and modern application security concepts.
• Experience working within regulated industries such as financial services, healthcare, or critical infrastructure.

Preferred certifications include:

• CompTIA Security+
• CySA+
• GCIH
• GCIA
• GCFA
• GMON
• CISSP
• SC-200 (Microsoft Security Operations Analyst)
• SC-100 (Microsoft Cybersecurity Architect)
• Splunk Certified Cybersecurity Defense Analyst
• CrowdStrike Certified Falcon Administrator

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or a related field, or equivalent practical experience.

To be successful in this position, you will have the following:

• Self-motivated and able to handle tasks with minimal supervision
• Superb analytical and problem-solving skills
• Excellent collaboration and communication (verbal and written) skills
• Outstanding organizational and time management skills

Company Benefits & Perks

• Competitive salary, annual performance-based bonus, and stock grant
• Retirement plan 401(k) with competitive company match
• Excellent health and wellness benefits, including medical, dental, and vision benefits, and a company-paid medical healthcare premium
• Wellness screenings and assessments, health coaches, and counseling services through an Employee Assistance Program (EAP)
• Paid time off and a generous parental leave policy
• Daily company lunch allowance provided, and a fully stocked kitchen with healthy options for breakfast and snacks
• Corporate events, including team outings, dinners, volunteer activities, and company sports teams
• Education reimbursement and learning opportunities
• Modern offices with multi-monitor setups