Epicareer Might not Working Properly
Learn More

SOC Engineer

Salary undisclosed

Apply on


Original
Simplified
AVEVA is a global leader in industrial software. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals and minerals – safely, efficiently and more sustainably.

We’re the first software business in the world to have our sustainability targets validated by the SBTi, and we’ve been recognized for the transparency and ambition of our commitment to diversity, equity, and inclusion. We’ve also recently been named as one of the world’s most innovative companies.

If you’re a curious and collaborative person who wants to make a big impact through technology, then we want to hear from you! Find out more at AVEVA Careers.

For more information about our privacy policy and how to manage cookies, visit our Privacy Policy.

Roles And Responsibilities

Primary Duties

The primary goal of a SOC engineer is to ensure the effective operation and utilization of the SIEM solution to enhance AVEVA's security posture. Here is an overview of the responsibilities and key aspects of a SOC engineer's job:

  • SIEM Implementation and Configuration: Responsible for installing, configuring, and maintaining the SIEM system. This includes setting up data collection points (such as firewalls, IDS/IPS, antivirus, and logs), defining correlation rules, and ensuring data normalization and integration.
  • Tuning and Optimization: SIEM systems can generate a significant number of alerts, many of which may be false positives. SOC engineers work to fine-tune the system to reduce false positives and ensure that genuine threats are not overlooked.
  • Threat Detection: SOC engineers are responsible for developing and maintaining custom correlation rules and signatures to detect specific threats and attack patterns. They stay updated on the latest threat intelligence to enhance the SIEM's ability to identify emerging threats.
  • Log Management: Managing and storing log data is a critical aspect of SIEM operations. Engineers ensure that log data is collected, stored, and retained in compliance with regulatory requirements and best practices.
  • Compliance and Reporting: SOC engineers help organizations meet regulatory compliance requirements by generating reports and alerts related to specific compliance mandates (e.g., GDPR, HIPAA) and collaborate with auditors during compliance audits.
  • SIEM Integration: SIEM systems often integrate with other security tools and systems, such as, ticketing system, intrusion detection/prevention systems, firewalls, and endpoint protection solutions. SOC engineer are responsible for ensuring seamless integration and data flow between these systems.
  • Training and Documentation: They provide training to other team members on how to support SIEM effectively. Additionally, they maintain documentation related to the SIEM's configuration and procedures.
  • Security Awareness: SOC engineers stay informed about the latest cybersecurity threats and trends and share this knowledge with their team. They also participate in security awareness programs to educate employees about best practices and security policies.
  • DevSecOps SOC detection, application, services development using agile methodology

Additional Duties

  • Training and Documentation: Provide training to other team members on how to support SIEM effectively. Additionally, they maintain documentation related to the SIEM's configuration and procedures.
  • Security Architecture Enhancement: SOC engineer may be involved in the enhancement of AVEVA's overall security architecture improvement efforts. This includes evaluating and recommending improvements to existing security technologies and practices.
  • Vendor Management: Managing relationships with SIEM solution vendors, including evaluating and implementing updates, patches, and new features as they become available.
  • Security Research: Staying abreast of emerging threats, vulnerabilities, and security technologies through continuous research and participation in security communities and forums.
  • Capacity Planning: Monitoring the performance of the SIEM system and planning for scalability to accommodate the growing volume of security data.
  • Collaboration with IT Teams: Working closely with IT teams to ensure that the SIEM integrates seamlessly with the organization's network and infrastructure.

Required Qualifications:

Educational Qualifications And Experience

  • Education: A bachelor's degree in computer science, information technology, cybersecurity, or a related field is preferred. Advanced degrees and relevant certifications can be advantageous.
  • Minimum 5 years of related experience in security engineering domain such as SOC & SIEM, SOAR, Firewall and Network Security, Endpoint Security, Identity and Access Management (IAM), and Cloud security engineering.

Technical Competency

  • SIEM Platforms: Using and configuring Security Information and Event Management (SIEM) platforms such as Sentinel, Splunk, ArcSight, IBM QRadar, LogRhythm, or similar systems.
  • Log Management: Collect, normalize, and correlate logs and security events from various sources, including network devices, servers, and applications.
  • Event Correlation: Developing and fine-tuning correlation rules to identify security incidents and threats effectively.
  • Incident Detection and Response: Knowledge of techniques for real-time incident detection and response using SIEM tools, including creating alerts, dashboards, and automated response actions.
  • Security Data Analysis: Proficiency in analysing SIEM data to identify security vulnerabilities, anomalies, and potential threats.
  • Threat Intelligence Integration: Ability to integrate threat intelligence feeds and indicators of compromise (IoCs) into SIEM systems to enhance threat detection.
  • Data Parsing and Transformation: Expertise in parsing and transforming raw log data to make it usable for analysis and reporting within the SIEM.
  • Scripting and Automation: Proficiency in scripting languages (e.g., Python, PowerShell) to automate SIEM-related tasks and workflows.
  • Security Policies and Standards: Familiarity with industry-specific security framework, standards, compliance requirements (e.g., Mitre Attack, PCI DSS, HIPAA), and the ability to configure SIEM systems to meet these standards.
  • User and Entity Behaviour Analytics (UEBA): Knowledge of UEBA concepts and the ability to configure UEBA features within the SIEM for advanced threat detection based on user and entity behaviour.
  • Integration with Other Security Tools: Experience in integrating SIEM with other security tools such as intrusion detection systems (IDS), endpoint protection platforms (EPP), and vulnerability scanners.
  • Log Source Onboarding: Proficiency in adding new log sources to the SIEM, including creating custom parsers or connectors when necessary.
  • Reporting and Dashboards: Skill in creating customized reports, dashboards, and visualization of security data within the SIEM platform.

Other technical competencies as an advantage:

  • Firewall and Network Security: Configuring, managing, and maintaining firewalls, intrusion prevention systems (IPS), and other network security devices.
  • Endpoint Security: Engineer experience of endpoint protection solutions, including antivirus, anti-malware, and endpoint detection and response (EDR) tools.
  • Security Architecture: Understanding of security architecture principles and best practices, including network segmentation, DMZ design, and secure communication protocols.
  • Vulnerability Management: Experience in conducting vulnerability assessments, interpreting scan results, and coordinating patching or remediation efforts.
  • Identity and Access Management (IAM): Managing user access, role-based access control (RBAC), and authentication mechanisms.
  • Security Policies and Procedures: Development and implementation of security policies, procedures, and guidelines aligned with industry best practices.
  • Security Awareness and Training: Promoting security awareness among employees and conducting training programs.
  • Incident Response: Incident handling and response, including the creation of incident response plans and participation in security incident investigations.
  • Encryption and Data Protection: Knowledge of encryption technologies and data protection methods to safeguard sensitive information.
  • Cloud Security: Understanding of cloud security principles and the ability to secure cloud environments and services.
  • Security Compliance: Ensuring compliance with relevant regulations and standards and conducting compliance assessments.
  • Security Tools: Familiarity with a wide range of security tools, including vulnerability scanners, identity, and threat intelligence platforms.
  • Security Patch Management: Managing the timely application of security patches and updates to mitigate vulnerabilities.

Desirable Training and Certifications

  • Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or certifications specific to the SIEM platform being used.

Occupational Personality

  • Strong analytical and problem-solving skills with strong written and verbal communication and a good attention to detail
  • Ability to work both independently and collaboratively as a team member, be curious and to ask questions and share knowledge.
  • Ability to interact with AVEVA's personnel at all levels and across all business units and organizations, and to understand business objectives and values.
  • A strong customer/client focus, with the ability to manage expectations appropriately, to provide a superior customer/client experience and build long-term relationships.
  • A strong passion about security, be curious with a keenness to learn and develop own skills and knowledge outside of the working environment.
  • Confident in recording and presenting key findings and conclusions to different levels of the business.

AVEVA requires all successful applicants to undergo and pass a comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third party personal data may involve additional background check criteria.

AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business.

Come and join AVEVA to create the transformative technology that enables our customers to engineer a better world.