Security Operations Engineer

BETSOL is seeking a Security Operations Engineer to join our team in Bengaluru, Karnataka. This crucial role involves the continuous monitoring, detection, analysis, and response to security threats across our enterprise environment. You will collaborate closely with threat intelligence, incident response, and engineering teams to safeguard our infrastructure, data, and customers. The ideal candidate possesses robust Security Operations Center (SOC) experience, a strong technical aptitude with security tooling, and a proactive approach to identifying and mitigating risks.

Responsibilities:

• Monitor security events and alerts from SIEM, EDR, IDS/IPS, and cloud security platforms in real time.
• Triage, investigate, and respond to security incidents according to established procedures and playbooks.
• Perform root-cause analysis of security events, documenting findings, containment, and remediation actions.
• Develop, tune, and maintain detection rules, correlation queries, and alerting logic to minimize false positives and enhance signal accuracy.
• Conduct proactive threat hunting using threat intelligence, the MITRE ATT&CK framework, and behavioral analytics.
• Partner with IT, DevOps, and infrastructure teams to address vulnerabilities and strengthen system configurations.
• Manage and operate security tools including SIEM (e.g., Splunk, Microsoft Sentinel), EDR (e.g., CrowdStrike, SentinelOne), and vulnerability management platforms.
• Contribute to the development and refinement of security operations runbooks, playbooks, and standard operating procedures.
• Participate in tabletop exercises, red/blue team engagements, and incident simulations.
• Track and report on security metrics, key risk indicators (KRIs), and SOC performance to leadership.
• Assist with forensic investigations of compromised endpoints, accounts, or network segments.
• Stay informed about the evolving threat landscape and share intelligence with the security team.

Qualifications:

• 3-5 years of experience in Security Operations, SOC Analysis (Tier 2/3), or Security Engineering.
• Hands-on experience with SIEM platforms such as Splunk, Microsoft Sentinel, IBM QRadar, or similar.
• Experience with EDR/XDR tools like CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint, or Carbon Black.
• Solid understanding of network security concepts, including firewalls, IDS/IPS, proxies, DNS security, and network traffic analysis.
• Familiarity with cloud security monitoring for AWS, Azure, or GCP environments (e.g., CloudTrail, Security Hub, Defender for Cloud).
• Working knowledge of the MITRE ATT&CK framework and its application in detection engineering and threat hunting.
• Experience with vulnerability management tools such as Tenable Nessus, Qualys, or Rapid7 InsightVM.
• Proficiency in scripting (Python, PowerShell, Bash) for automating security tasks, log parsing, and alert enrichment.
• Understanding of the incident response lifecycle, digital forensics fundamentals, and chain-of-custody procedures.
• Knowledge of security frameworks like NIST CSF, CIS Controls, and ISO 27001.
• Experience with ticketing and SOAR platforms (e.g., Splunk SOAR, Palo Alto XSOAR, ServiceNow SecOps) for case management and automation.
• Strong analytical skills for synthesizing data into actionable insights.
• Excellent written and verbal communication skills, with the ability to present technical findings to diverse audiences.
• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related field.
• Certifications such as CompTIA CySA+, GIAC GCIA, GIAC GCIH, CEH, or Microsoft SC-200 are preferred.
• Experience with Threat Intelligence Platforms (TIPs) and IOC management is a plus.