Salla
Senior SOC Analyst (Cloud, Endpoint, Network, and Edge Security)
- Permanent
- Jeddah, Saudi Arabia
- Experience 5 - 10 yrs
- Urgent
Job expiry date: 24/03/2026
Job overview
Date posted
07/02/2026
Location
Jeddah, Saudi Arabia
Salary
SAR 20,000 - 30,000 per month
Compensation
Comprehensive package
Experience
5 - 10 yrs
Seniority
Senior & Lead
Qualification
Bachelors degree
Expiration date
24/03/2026
Job description
The Senior SOC Analyst will lead advanced security monitoring, investigation, and response across cloud, endpoint, network, and edge environments at L2/L3 level. The role encompasses incident escalation, detection engineering, root cause analysis, and continuous improvement of detection coverage aligned with MITRE ATT&CK framework. The analyst will work with SIEM platforms such as Splunk or Graylog, handle AWS security logs including CloudTrail, CloudWatch, and VPC Flow Logs, manage container and Kubernetes security including Amazon EKS, and monitor edge security events with Cloudflare WAF, DDoS, Bot Management, and Zero Trust tools. The role involves developing and tuning detection rules, conducting threat investigations, performing post-incident reviews, mentoring junior SOC analysts, creating and maintaining playbooks, and collaborating with SOC leadership, Cloud Security, and DevOps teams to improve overall security posture. Knowledge of IDS/IPS, firewalls, proxies, DLP technologies, scripting (Python, PowerShell, Bash), and foundational AI/ML security concepts is required. Relevant certifications like GCIA, GCIH, CompTIA CySA+, and AWS Security Specialty are preferred.
Required skills
Key responsibilities
- Perform advanced L2/L3 alert triage and investigations across endpoint, network, cloud, and edge security platforms.
- Lead investigations using SIEM tools to validate incidents, reduce noise, and determine impact.
- Analyze and respond to edge security events including WAF, DDoS, Bot activity, and Zero Trust alerts.
- Act as an escalation point for confirmed incidents and support containment and response actions.
- Conduct root cause analysis and threat investigations, identifying attacker behavior and scope of impact.
- Design, tune, and maintain detection rules and logic across SIEM platforms.
- Improve detection coverage by aligning rules with the MITRE ATT&CK framework.
- Mentor and guide junior SOC analysts and contribute to skill development across the team.
- Build and maintain investigation playbooks and incident response runbooks.
- Collaborate with SOC leadership, Cloud Security, and DevOps teams to improve security controls and visibility.
Experience & skills
- 5+ years of experience as a SOC Analyst (L2/L3).
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent experience.
- Hands-on experience with SIEM platforms (Splunk, Graylog, or similar).
- Experience performing alert triage, incident investigation, and escalation.
- Strong knowledge of networking protocols (TCP/IP, DNS, HTTP/HTTPS, BGP).
- Experience analyzing AWS security logs (CloudTrail, CloudWatch, VPC Flow Logs).
- Experience with container and Kubernetes runtime security (Kubernetes, Amazon EKS).
- Hands-on experience with Cloudflare security tools (WAF, DDoS, Bot Management, Zero Trust).
- Strong understanding of IDS/IPS, firewalls, proxies, and DLP technologies.
- Experience conducting root cause analysis and post-incident reviews.
- Familiarity with MITRE ATT&CK framework and NIST incident response standards.
- Experience developing and tuning SIEM detection rules.
- Knowledge of scripting or automation (Python, PowerShell, or Bash).
- Foundational understanding of AI/ML security concepts and LLM-related risks.
- Strong analytical, investigation, and incident handling skills.
- Ability to communicate technical findings to non-technical stakeholders.
- Relevant certifications preferred (GCIA, GCIH, CompTIA CySA+, AWS Security Specialty).