Senior SOC Engineer

Role overview

An established technology solutions and services provider in Doha is looking for a seasoned Senior SOC Engineer to strengthen its security operations across enterprise IT, operational technology, and cloud estates. The position centers on advanced monitoring, threat detection, vulnerability management, and proactive hunting within a high-availability environment where rapid response and resilience are essential.

Security monitoring and incident response

• Handle security events with advanced technical analysis and support detection and response activities.
• Monitor environments in real time using SIEM, XDR/EDR, NDR, OT, and cloud security tools.
• Carry out root cause analysis after incidents and capture key learnings.
• Drive containment, eradication, and recovery steps during active security incidents.
• Work within established SLAs and KPIs for escalation and incident handling.

Detection engineering and use case management

• Create and refine SIEM/XDR correlation logic aligned to MITRE ATT&CK techniques.
• Lower false positives while expanding the overall detection footprint.
• Build advanced detections for ransomware, insider activity, data theft, and APT behavior.
• Integrate new log sources, create parsers, and standardize data for better visibility.
• Regularly review thresholds and rule logic to keep detections effective.

Vulnerability management

• Own the vulnerability management process from identification through remediation verification.
• Link vulnerability findings with threat intelligence and exploitability insights.
• Rank fixes by CVSS score, operational impact, and asset importance.
• Confirm remediation success with rescans and supporting tests.
• Prepare leadership dashboards and reports showing risk exposure and remediation progress.

Threat hunting and intelligence integration

• Run proactive threat hunts using hypothesis-led investigation methods.
• Feed threat intelligence into SIEM/XDR environments.
• Monitor emerging attacker techniques and adapt detection content accordingly.
• Support adversary simulation and red-team validation activities.
• Translate threat intelligence into practical guidance for stakeholders.

Reporting and stakeholder management

• Track critical and high-risk vulnerabilities along with SLA breaches.
• Report on remediation progress and risk trends.
• Maintain evidence and documentation suitable for audits and compliance reviews.
• Deliver executive-level summaries on threat posture and security performance.

Requirements

• At least 8 years of experience in IT security operations or information security.
• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a similar discipline.
• One mandatory certification from the following: Tenable Certified Nessus Professional (TCNP), Tenable Certified Security Center (TCSC), Qualys VMDR Specialist, or Qualys WAS Specialist.
• Preferred certifications include CEH, Microsoft SC-200, and OSCP.
• Practical experience with SIEM, XDR/EDR, NDR, SOAR, and cloud security monitoring.
• Strong understanding of MITRE ATT&CK, threat hunting, and log correlation.
• Deep knowledge of vulnerability management workflows and risk-based prioritization.
• Exposure to SOC setup, tuning, automation, and maturity enhancement.
• Familiarity with ISO 27001, NIST CSF, and related regulatory frameworks.
• Hands-on use of tools such as Tenable, Qualys, Rapid7, Burp Suite, and Acunetix.
• Working knowledge of incident triage, basic malware analysis, and network traffic analysis.
• Basic scripting ability in PowerShell, Python, KQL, or SPL.
• Strong communication, reporting, and documentation skills for stakeholder-facing work.

Additional information

The opportunity is based in Doha, Qatar and is a full-time, onsite role. The position is intended for an experienced professional who can contribute to SOC maturity improvement, audit readiness, and security resilience in a mission-critical setting.