Security Operations Center Analyst (SOC)

Alibaba is looking for a Security Operations Center (SOC) to help us improve and expand our rapidly-growing products.

Responsibilities

- Security Monitoring and Incident Response:

• Proactively monitor security alerts, logs, and events to detect potential security incidents.
• Lead incident response efforts, investigating and mitigating security breaches or unauthorized access.
• Conduct post-incident analysis to identify root causes and implement preventive measures.

- Security Infrastructure Management:

• Manage and maintain security tools and technologies such as SIEM, IDS/IPS, and firewalls.
• Ensure proper configuration, tuning, and updating of security systems to maximize effectiveness.

- Threat Intelligence and Analysis:

• Stay up-to-date with the latest cybersecurity threats and vulnerabilities.
• Analyze threat intelligence data to identify emerging risks and potential impact on the organization.

- Security Policies and Procedures:

• Develop, update, and enforce security policies, standards, and procedures.
• Collaborate with the compliance team to ensure adherence to relevant regulations and standards.

- Incident Reporting and Documentation:

• Document all security incidents, detailing the incident's nature, impact, and response actions taken.
• Produce regular reports on security operations and performance for management.

- Security Projects and Improvements:

• Drive initiatives to improve security operations and enhance the overall security posture.
• Evaluate and recommend new security technologies and tools to strengthen defenses.

Requirements

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field. Relevant certifications such as CISSP, CISM, or GIAC certifications are desirable.
• Proven experience (typically 5+ years) in SOC operations, incident response, and threat analysis.
• Extensive knowledge of security principles, practices, protocols, and technologies.
• Hands-on experience with security monitoring tools, SIEM platforms (Splunk) , IDS/IPS, firewalls, and endpoint security solutions.
• Strong understanding of networking protocols and systems administration in a heterogeneous environment.
• Familiarity with regulatory frameworks and compliance standards (CIS ,GDPR, HIPAA, NIST).
• Excellent analytical and problem-solving skills, with the ability to make sound decisions under pressure.
• Effective communication skills, both written and verbal, and the ability to convey complex technical concepts to non-technical stakeholders.
• Leadership skills and the ability to mentor and guide junior team members.
• Continuous learning mindset, staying updated with the latest cybersecurity trends and best practices.