
Senior SOC Analyst

Tehran | Engineering | Full-time

The SOC Analyst will support the deployment, configuration, and monitoring of the SIEM (Security Information and Event Management) solution for our Linux/Kubernetes infrastructure. This role involves working closely with the SOC Team Lead to ensure effective threat detection, incident response, and compliance alignment. The ideal candidate has hands-on experience with SIEM tools, Kubernetes logging, and Linux security.


Key Responsibilities

  • SIEM Deployment Support
    Assist in deploying Wazuh, Falco, and either the ELK Stack or Splunk Enterprise across Kubernetes clusters and Linux servers.
    Configure log pipelines, collection agents (deployed as Kubernetes DaemonSets), and forwarders for data collection.
  • Rule Configuration & Tuning
    Define and fine-tune detection rules (e.g., Falco for container runtime threats, Wazuh for host-level anomalies).
    Reduce false positives and ensure actionable alerts.
  • Threat Monitoring
    Monitor SIEM alerts in real-time and escalate incidents to the SOC Team Lead.
    Conduct initial analysis of security events and provide remediation recommendations.
  • Dashboards & Reporting
    Build and maintain ELK or Splunk dashboards for threat visibility.
    Generate reports for compliance (e.g., GDPR, PCI DSS) and operational metrics.
  • Incident Response Support
    Assist in investigating security incidents detected via the SIEM.
    Document incident details and contribute to post-incident reviews.
  • Tool Maintenance
    Perform routine maintenance of SIEM tools, including updates and patches.
    Monitor system performance and troubleshoot issues as needed.
  • Collaboration
    Work with the DevOps team for agent deployment and infrastructure management.
    Support the Compliance Specialist in aligning SIEM rules with regulatory requirements.
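
As an illustration of the rule-tuning work listed above, here is an added example (not part of this posting, and not a rule shipped by the Falco project) of a self-contained Falco rules file that alerts on an interactive shell spawned inside a container. The `allowed_debug_images` list and its `docker.io/library/busybox` entry are constructed assumptions standing in for the images where your operators legitimately open shells; excluding them is the kind of false-positive reduction the responsibility describes, and the Kubernetes fields in the output are what make the alert actionable for the analyst who receives it.

```yaml
# Added example: a minimal, self-contained Falco rules file for runtime
# shell detection in containers, with an allow-list to cut false positives.
# Load with: falco -r shell_in_container.yaml

# Shell binaries worth flagging when executed interactively in a container.
- list: shell_binaries
  items: [ash, bash, csh, dash, ksh, sh, tcsh, zsh]

- macro: shell_procs
  condition: proc.name in (shell_binaries)

# A successful exec syscall (exit event, evt.dir=<) starting a new process.
- macro: spawned_process
  condition: evt.type in (execve, execveat) and evt.dir=<

# Falco reports container.id as "host" for processes outside any container.
- macro: container
  condition: container.id != host

# Constructed assumption: images in which interactive shells are expected
# (e.g. an approved debug image). Keep this list short and reviewed; every
# entry here is a blind spot for this rule.
- list: allowed_debug_images
  items: [docker.io/library/busybox]

- rule: Terminal shell in container
  desc: >
    An interactive shell (process with a controlling TTY) was started inside
    a container whose image is not on the approved debug allow-list.
  condition: >
    spawned_process and container and shell_procs and proc.tty != 0
    and not container.image.repository in (allowed_debug_images)
  output: >
    Shell spawned in container (user=%user.name user_loginuid=%user.loginuid
    container_id=%container.id container_name=%container.name
    image=%container.image.repository:%container.image.tag
    shell=%proc.name parent=%proc.pname cmdline=%proc.cmdline
    k8s_ns=%k8s.ns.name k8s_pod=%k8s.pod.name)
  priority: WARNING
  tags: [container, shell]
```

Two tuning caveats a practitioner would apply: `proc.tty != 0` deliberately restricts the rule to interactive shells, so non-interactive `sh -c` invocations from entrypoints do not fire it (those need a separate, more specific rule), and an image allow-list keyed only on `container.image.repository` trusts the registry name, so the repository should be one your cluster's admission policy already restricts to signed or internally built images.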

Requirements

  • Technical Expertise
    Hands-on experience with SIEM and runtime detection tooling (Wazuh, Falco, ELK, Splunk) and threat detection.
    Strong knowledge of Linux security, Kubernetes, and container runtimes (Docker, containerd).
  • Log Management
    Proficiency in log collection, parsing, and aggregation (e.g., Fluentd, Filebeat, Logstash).
    Experience with Kubernetes logging architectures.
  • Problem-Solving
    Ability to troubleshoot SIEM-related issues and optimize detection rules.
  • Communication
    Strong written and verbal communication skills for incident reporting and team collaboration.

Benefits

  • Supplementary health insurance for you and your family (supports most treatments, including psychotherapy).
  • Competitive salary with regular promotion opportunities.
  • Reimbursement for educational courses, internet, and even self-development programs (such as art classes or learning a new language).
  • Flexible working hours, including remote work opportunity.
  • An exciting work environment with talented colleagues, cultural diversity, and openness to new ideas.
  • We provide everything you need to work comfortably, such as laptops and equipment for remote work.
  • Various on-site meals and snacks.