SOC Engineer

Bevatel


Job Location: Giza - Egypt

Monthly Salary: Not Disclosed
Experience Required: 5 years
Posted on: 11 hours ago
Vacancies: 1 Vacancy

Job Summary

Bevatel is seeking a SOC Engineer to design, operate and continuously improve our Security Operations Center (SOC) capabilities.
This role is technical and operational, focused on real-time threat detection, incident response, log engineering and SIEM/SOAR operations in a high-compliance environment.

You will play a critical role in protecting Bevatel's telecom, cloud and platform infrastructure while ensuring alignment with Saudi cybersecurity regulations and international best practices.


Responsibilities:

Security Monitoring & Detection
  • Monitor security events across cloud, on-prem, network, endpoints and applications
  • Analyze alerts from SIEM, EDR, WAF, IDS/IPS and cloud-native security tools
  • Reduce false positives by tuning detection rules and correlation logic
  • Develop and maintain use cases aligned to real attack scenarios
Incident Response
  • Lead and execute security incident response (triage, containment, eradication, recovery)
  • Perform root cause analysis (RCA) and document incidents clearly
  • Coordinate with IT, DevOps, Network and Management during incidents
  • Support post-incident reviews and lessons learned
SIEM & Log Engineering
  • Onboard and normalize logs from:
      • Cloud platforms
      • Firewalls, WAF, VPN
      • Identity systems
      • Applications and databases
  • Create and maintain dashboards, alerts and reports
  • Ensure log retention and integrity in line with regulatory requirements
Threat Intelligence & Hunting
  • Conduct proactive threat hunting
  • Track and analyze threat intelligence feeds
  • Map detections to MITRE ATT&CK
  • Identify emerging attack patterns relevant to telecom and fin-tech environments
Compliance & Reporting
  • Support compliance with:
      • NCA Essential Cybersecurity Controls (ECC / CCC)
      • SAMA Cybersecurity Framework (where applicable)
      • CST / CITC requirements
      • ISO 27001
  • Prepare SOC reports, metrics and evidence for audits and regulators
  • Maintain clear SOC documentation and playbooks
Continuous Improvement
  • Enhance SOC processes, playbooks and response workflows
  • Participate in SOC automation (SOAR) initiatives
  • Improve SOC maturity metrics (MTTD, MTTR) and operational efficiency


Requirements

Technical Skills
  • Strong understanding of:
      • Security Operations & Incident Response
      • Networking (TCP/IP, DNS, HTTP, TLS)
      • Linux systems
  • Hands-on experience with:
      • SIEM platforms (Splunk, Elastic, Wazuh, Sentinel, QRadar, etc.)
      • EDR / Endpoint Security
      • Firewalls, WAFs, IDS/IPS
  • Experience analyzing:
      • Logs, network traffic, alerts and system behavior

Cloud & Modern Environments

  • Experience with cloud environments (AWS, GCP, Cloudflare)
  • Familiarity with containers and Kubernetes security is a plus
  • Understanding of IAM, API security and application logs

Regulatory Awareness (Highly Preferred)

  • Knowledge of Saudi cybersecurity regulations:
      • NCA ECC / CCC
      • SAMA CSF (for regulated environments)
      • CST requirements
  • Experience supporting regulatory audits is a strong advantage.

Qualifications

  • Bachelor's degree in Computer Science, Information Security or a related field
  • 3-6 years of experience in SOC, security operations or incident response
  • Certifications (preferred but not mandatory):
      • GCIA, GCIH, GCED
      • CEH, Security+
      • ISO 27001 or SOC-related certifications

Soft Skills

  • Strong analytical and problem-solving skills
  • Ability to stay calm under pressure during incidents
  • Clear documentation and communication skills
  • Team player with a security-first mindset
  • High sense of ownership and accountability


