Summary
This role supports endpoint- and network-focused investigations across the internal environment. It is responsible for reviewing suspicious host activity, network anomalies, hostile connectivity patterns, remote access risks, and related operational threats. The role helps preserve strong traditional SOC coverage across infrastructure while supporting the SOC’s maturity into a more fintech-/crypto-aware function.
Key Responsibilities
- Investigate endpoint-related alerts using CrowdStrike
- Review suspicious host behavior, including suspicious processes, execution anomalies, remote access behavior, and early indicators of compromise
- Investigate suspicious network or perimeter activity using FortiGate
- Review hostile inbound/outbound traffic, VPN anomalies, suspicious external access attempts, and network patterns that may indicate misuse
- Correlate endpoint incidents with Cloudflare edge activity to determine whether attacks originated externally
- Investigate suspicious outbound behavior, risky cloud access, or exfiltration-adjacent signals using Netskope
- Support endpoint isolation, containment, and escalation workflows
- Correlate endpoint and network signals with IAM, email, and cloud events
- Recommend monitoring or hardening improvements based on recurring patterns
- 24×7 operations
Mandatory Expertise
- Endpoint and Network Security Operations
Good to Have
- CrowdStrike and/or NetSkope
Optional
Preferred Additional Skills
- EDR investigation
- Network event analysis
- Host containment coordination
- IOC/IOA validation
- Suspicious process and traffic review
- Firewall/proxy / WAF awareness
- Basic AWS network context awareness
- Cloudflare edge/perimeter investigation
Preferred Certifications
- Security+
- CySA+
- GCIH
- SC-200
Note: Interested candidates may send their resume to [email protected]. Only shortlisted applicants will be contacted.