Date Posted: 14 July, 2026
Industry: IT Services and IT Consulting
Location: VAPORVM IT SERVICES DMCC
Job Description:
Job Summary
We are seeking a highly skilled Senior SOC Analyst (L2/L3) to join our Cybersecurity Operations team in Saudi Arabia. The ideal candidate will have strong experience in Security Operations Center (SOC) activities, incident response, threat hunting, SIEM administration, endpoint security, and cloud security monitoring. The candidate will be responsible for detecting, analyzing, investigating, and responding to cybersecurity threats while continuously improving the organization’s detection and response capabilities.
Key Responsibilities
- Monitor, analyze, and investigate security alerts generated by SIEM, EDR/XDR, IDS/IPS, firewalls, WAF, email security, and other security platforms.
- Perform incident triage, investigation, containment, eradication, recovery, and post-incident activities.
- Conduct proactive threat hunting using Indicators of Compromise (IOCs), Indicators of Attack (IOAs), and threat intelligence feeds.
- Investigate malware infections, phishing attacks, ransomware incidents, insider threats, and advanced cyber attacks.
- Analyze suspicious endpoint, network, authentication, cloud, and application activities.
- Develop, customize, and maintain SIEM use cases, detection rules, correlation logic, dashboards, and reports.
- Fine-tune security monitoring rules to minimize false positives and improve detection accuracy.
- Perform log analysis across Windows, Linux, Active Directory, Microsoft 365, Azure, cloud platforms, applications, and network devices.
- Collaborate with infrastructure, networking, cloud, and application teams during security incidents.
- Prepare incident reports, Root Cause Analysis (RCA), executive summaries, and recommendations.
- Participate in vulnerability assessment validation and remediation verification.
- Assist in developing SOC playbooks, runbooks, automation workflows, and Standard Operating Procedures (SOPs).
- Support digital forensics, evidence collection, and incident investigations when required.
- Mentor junior SOC analysts and provide technical guidance during incident response activities.
- Participate in 24×7 SOC operations, on-call support, and shift rotations as required.
Required Technical Skills
Security Monitoring \& SIEM
- Microsoft Sentinel
- IBM QRadar
- Splunk Enterprise Security
- LogRhythm
- ArcSight
Endpoint Detection \& Response (EDR/XDR)
- Microsoft Defender for Endpoint
- CrowdStrike Falcon
- SentinelOne
- Cortex XDR
Operating Systems \& Identity Security
- Windows Server
- Linux
- Active Directory
- Microsoft Entra ID (Azure AD)
- Microsoft 365 Security
Network Security
- Firewalls
- VPN
- IDS/IPS
- Web Application Firewall (WAF)
- Proxy Solutions
- Email Security Gateways
Threat Detection \& Incident Response
- Threat Hunting
- IOC/IOA Analysis
- Malware Analysis
- Phishing Investigation
- Ransomware Response
- Digital Forensics
- Incident Response
Frameworks \& Standards
- MITRE ATT\&CK Framework
- Cyber Kill Chain
- NIST Cybersecurity Framework
Vulnerability Management
Cloud Security
- Microsoft Azure
- Amazon Web Services (AWS)
- Google Cloud Platform (GCP)
Automation \& Scripting
- SOAR Platforms
- PowerShell
- Python
- Bash
Networking
- TCP/IP
- DNS
- HTTP/HTTPS
- SMTP
- DHCP
- VPN Technologies
Required Qualifications
- Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field.
- 5–8 years of hands-on experience in a Security Operations Center (SOC) environment.
- Strong analytical, troubleshooting, and incident response skills.
- Experience working in enterprise or MSSP environments.
- Excellent communication, documentation, and reporting skills.
Preferred Certifications
- Microsoft Certified: Security Operations Analyst (SC-200)
- CompTIA CySA+
- CompTIA Security+
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Forensic Analyst (GCFA)
- Certified Ethical Hacker (CEH)
- Splunk Certified Power User/Admin
- Microsoft Sentinel Certification
- IBM QRadar Certification
- CrowdStrike Certified Falcon Administrator
- Cisco CyberOps Associate
- ISC² Certified Information Systems Security Professional (CISSP) (Preferred)