Senior Information Security Engineer (SOC)

We are looking for a Senior SOC Engineer to strengthen our Security Operations capabilities. In this role, you will help design and improve SOC processes, lead complex incident investigations, and support the development of detection and response capabilities across the organization. You will work closely with security analysts and engineering teams to enhance monitoring, automate response workflows, and continuously improve our security posture.

Responsibilities

• Define and continuously improve security processes, procedures, and incident response playbooks

• Optimize security event and log collection based on risk and detection relevance

• Oversee and improve incident response workflows through post-incident analysis and lessons learned

• Collaborate with L1-L2 security team members to expand detection coverage and develop new use cases

• Participate in major security incident investigations, providing technical analysis and remediation guidance

• Standardize automation and orchestration across SIEM, SOAR, EDR and related tools

• Ensure alignment of security operations with security policies and frameworks (ISO 27001, NIST, MITRE ATT&CK)

• Review security architecture for cloud and on-prem environments and recommend improvements

• Lead investigation and response for high and critical severity incidents

• Track remediation actions and ensure closure of identified security gaps

Requirements

• 5+ years of experience in Information Security as an L2/L3 SOC Analyst/Engineer with strong focus on Incident Response

• Strong understanding of the incident lifecycle, detection engineering, and response escalation

• Hands-on experience with SIEM/SOAR platforms (e.g., Splunk, Sentinel, Chronicle, QRadar, Wazuh)

• Experience conducting security investigations and root cause analysis, as well as documenting those

• Understanding of common log sources (network, endpoint, identity, application)

• Experience developing detection rules and playbooks (Sigma, KQL, YAML, etc.)

• Knowledge of ISO 27001 standards, MITRE ATT&CK and threat intelligence practices

• Basic scripting or automation skills (Python or Bash)

• Strong documentation, communication, and cross-team collaboration skills
  
  Nice to have: 

• Knowledge of secure architecture principles (Zero Trust, CIS Benchmarks, NIST, OWASP) is a big advantage

• Knowledge of cloud security monitoring (GCP, AWS, Azure) is a plus

We offer

• Long-term service agreement contract with QIC with 3 months probation period

• We are diverse — our digital nomads work remotely from 25+ different countries

• Payment in US dollars monthly to your bank account using SWIFT

• Full-time remote, work schedule: 5 days per week, Sunday to Thursday, GMT +3 timezone

• Vacation policy: Qatar Holiday Calendar, 20 vacation days, 10 sick offs

• Performance reviews are conducted twice a year, with the possibility of a raise

• Potential opportunity to apply for a Qatar ID and relocation to Doha, Qatar