Bevatel is seeking a SOC Engineer to design, operate, and continuously improve our Security Operations Center (SOC) capabilities.
This role is technical and operational, focused on real-time threat detection, incident response, log engineering, and SIEM/SOAR operations in a high-compliance environment.
You will play a critical role in protecting Bevatel’s telecom, cloud, and platform infrastructure, while ensuring alignment with Saudi cybersecurity regulations and international best practices.

Responsibilities:

Security Monitoring & Detection
- Monitor security events across cloud, on-prem, network, endpoints, and applications
- Analyze alerts from SIEM, EDR, WAF, IDS/IPS, and cloud-native security tools
- Reduce false positives through tuning detection rules and correlation logic
- Develop and maintain use cases aligned to real attack scenarios

Incident Response
- Lead and execute security incident response (triage, containment, eradication, recovery)
- Perform root cause analysis (RCA) and document incidents clearly
- Coordinate with IT, DevOps, Network, and Management during incidents
- Support post-incident reviews and lessons learned

SIEM & Log Engineering
- Onboard and normalize logs from:
  ○ Cloud platforms
  ○ Firewalls, WAF, VPN
  ○ Identity systems
  ○ Applications and databases
- Create and maintain dashboards, alerts, and reports
- Ensure log retention and integrity in line with regulatory requirements

Threat Intelligence & Hunting
- Conduct proactive threat hunting
- Track and analyze threat intelligence feeds
- Map detections to MITRE ATT&CK
- Identify emerging attack patterns relevant to telecom and fin-tech environments

Compliance & Reporting
- Support compliance with:
  ○ NCA Essential Cybersecurity Controls (ECC / CCC)
  ○ SAMA Cybersecurity Framework (where applicable)
  ○ CST / CITC requirements
  ○ ISO 27001
- Prepare SOC reports, metrics, and evidence for audits and regulators
- Maintain clear SOC documentation and playbooks

Continuous Improvement
- Enhance SOC processes, playbooks, and response workflows
- Participate in SOC automation (SOAR) initiatives
- Improve SOC maturity, metrics (MTTD, MTTR), and operational efficiency

Requirements

Technical Skills
- Strong understanding of:
  ○ Security Operations & Incident Response
  ○ Networking (TCP/IP, DNS, HTTP, TLS)
  ○ Linux systems
- Hands-on experience with:
  ○ SIEM platforms (Splunk, Elastic, Wazuh, Sentinel, QRadar, etc.)
  ○ EDR / Endpoint Security
  ○ Firewalls, WAFs, IDS/IPS
- Experience analyzing:
  ○ Logs, network traffic, alerts, and system behavior

Cloud & Modern Environments:
- Experience with cloud environments (AWS, GCP, Cloudflare)
- Familiarity with containers and Kubernetes security is a plus
- Understanding of IAM, API security, and application logs

Regulatory Awareness (Highly Preferred):
- Knowledge of Saudi cybersecurity regulations:
  ○ NCA ECC / CCC
  ○ SAMA CSF (for regulated environments)
  ○ CST requirements
- Experience supporting regulatory audits is a strong advantage.

Qualifications:
- Bachelor’s degree in Computer Science, Information Security, or related field
- 3–6 years experience in SOC, security operations, or incident response
- Certifications (preferred but not mandatory):
  ○ GCIA, GCIH, GCED
  ○ CEH, Security+
  ○ ISO 27001 or SOC-related certifications

Soft Skills:
- Strong analytical and problem-solving skills
- Ability to stay calm under pressure during incidents
- Clear documentation and communication skills
- Team player with a security-first mindset
- High sense of ownership and accountability

Benefits
- Comprehensive Social & Medical Insurance: Enjoy peace of mind with our robust health coverage and additional social benefits.
- Dynamic Working Environment: Thrive in a collaborative and innovative workspace that encourages creativity and teamwork.
- Continuous Learning Opportunities: Access professional development programs, workshops, and courses to help you grow your skills and advance your career.

Bevatel is a Saudi company specialized in delivering advanced cloud-based contact center systems and unified communication solutions. Backed by over 10 years of experience and fully licensed in Saudi Arabia, we empower businesses to manage calls, messages, and customer interactions from one smart platform.
We offer:
- Cloud Call Center systems (no hardware required)
- WhatsApp Business API …