Incident Response Analyst at Gruve Technology

About the Role:
The SOC Consultant is responsible for providing expert guidance, implementation support, and optimization strategies for Security Operations Center (SOC) operations. The consultant works closely with client teams to assess, design, implement, and improve SOC processes, technologies, and detection capabilities, ensuring effective threat monitoring, detection, and incident response.

Key Responsibilities:
Roles and Responsibilities
- Conduct SOC maturity assessments, gap analysis, and capability reviews.
- Provide recommendations on SOC design, architecture, and technology stack.
- Advise on SOC processes, workflows, and governance aligned with frameworks (NIST, ISO 27001, MITRE ATT&CK).
- Assist with SIEM, SOAR, EDR, and threat intelligence platform deployment and tuning.
- Support integration of log sources, endpoints, cloud services, and third-party tools.
- Develop detection use cases, correlation rules, and automated workflows.
- Recommend and implement advanced analytics, ML/AI-based anomaly detection, and threat hunting strategies.
- Provide guidance on incident response playbooks, triage, and escalation procedures.
- Conduct workshops, training sessions, and hands-on exercises for SOC teams.
- Develop documentation, SOPs, and best practices for client SOC operations.
- Mentor SOC analysts on advanced detection, incident handling, and threat hunting techniques.
- Support generation of SOC KPIs, dashboards, and executive reports.
- Assist clients in preparing for cybersecurity assessments, audits, or certifications.
- Ensure alignment with compliance, audit, and regulatory requirements.
- Keep abreast of emerging threats, attack techniques, and industry trends.
- Suggest improvements to enhance efficiency, reduce false positives, and strengthen SOC capabilities.
- Recommend SOC process optimizations and technology upgrades.

Basic Qualifications:
- Bachelor’s degree in Cybersecurity, Computer Science, or a related field; Master’s preferred.
- 5–10 years of experience in SOC operations, threat hunting, incident response, or cybersecurity consulting.
- Strong understanding of SIEM, SOAR, EDR/XDR, and network security technologies.
- Experience in designing or tuning detection use cases and correlation rules.
- Knowledge of cybersecurity frameworks: MITRE ATT&CK, NIST, ISO 27001, CIS Controls.
- Strong analytical, problem-solving, and incident response skills.

Preferred Qualifications:
- Relevant certifications preferred: CISSP, CISM, GCIH, GCIA, CEH, CCSP, or vendor-specific SIEM/SOAR certifications.