SOC Engineer
Rectras | Job Code: RJC1055
Hiring for a Canadian Product R&D Company in Cybersecurity Domain.
The SOC Engineer monitors and investigates security events 24/7 using SIEM, EDR, DLP, and forensic tools while managing the day-to-day operations of core SOC platforms, including PIM, DAM, and VAS, across on-premise and cloud environments (AWS/Azure/GCP). The role leads incident response activities encompassing malware analysis, memory and network forensics, and endpoint investigations, while enforcing cloud security best practices and compliance standards.
SOC Engineer – Technical roles and responsibilities:
- Monitor security events and alerts 24/7 using SIEM platforms and investigate intrusion events using packet captures, endpoint logs, and DLP tools.
- Conduct malware analysis and perform memory, network, and endpoint forensics during active investigations using industry-standard tools.
- Directly manage and maintain SOC tools including EDR, PIM, DAM, and VAS platforms on a day-to-day basis.
- Monitor and respond to security incidents across cloud environments (AWS / Azure / GCP), enforcing cloud security best practices and compliance.
- Run Proofs of Concept (PoCs) and demonstrate managed security and TDR capabilities to clients to increase deal-winning probability during pre-sales engagements.
- Draft detailed Statement of Work (SoW) documents covering pricing strategy, team composition, milestone planning, governance structure, and RACI matrix.
- Prepare Target Operating Models (TOM) and technical architecture documents defining how security operations will function post-client engagement.
- Mentor and guide junior SOC analysts; manage shift handovers, escalation procedures, and overall SOC workflow responsibilities.
- Willingness to work in a 24/7 rotational shift environment including nights, weekends, and on-call incident support.
SOC Engineer Technical Expectations:
- SIEM expertise (5+ years) — Hands-on with IBM QRadar (strongly preferred), Splunk, or Azure Sentinel, with strong query writing in SPL / KQL / AQL for threat investigation.
- SOC tool coverage — Minimum 5 years managing in-scope SOC solutions including Firewall, IDPS, WAF, NSM, SOAR, IAM, CSPM, and DLP platforms.
- Incident Response & Forensics — Proficiency in forensic tools: FTK, EnCase, Autopsy, Magnet Axiom, and Volatility for memory forensics and malware reverse engineering.
- SOAR platforms — Experience building and managing automated playbooks on Palo Alto XSOAR (Demisto), Splunk SOAR (Phantom), or Microsoft Sentinel Playbooks.
- EDR management — Hands-on with CrowdStrike, SentinelOne, or Microsoft Defender for endpoint threat detection, response, and day-to-day management.
- PIM / DAM / VAS tools — Direct management experience with CyberArk / Azure PIM (privileged access), Imperva / IBM Guardium (database monitoring), and Tenable / Qualys / Rapid7 (vulnerability assessment).
- Cloud security tools — Working experience with AWS Security Hub, GuardDuty, Microsoft Defender for Cloud, Prisma Cloud, or Wiz for CSPM and cloud threat detection.
- Cloud platform experience — Hands-on with at least one cloud platform (AWS / Azure / GCP), with knowledge of cloud-native security configurations and best practices.
- Firewall / WAF / IDPS — Experience managing Palo Alto, Fortinet, Check Point (Firewall), F5, Imperva (WAF), and Snort / Suricata (IDPS) for perimeter security.
Important Note: Only shortlisted candidates will be contacted by our recruiter. Mentioned salary/CTC is indicative; final selection and compensation are at the employer’s discretion. Rectras reserves the right to update the JD or close this role at any hiring stage.
To apply for this job email your details to jobs@rectras.com