SOC Engineer

About the role

Bevatel is looking for a skilled SOC Engineer to design, operate, and continuously improve its Security Operations Center. You will work in a high‑compliance environment, protecting telecom, cloud, and platform infrastructure while aligning with Saudi cybersecurity regulations and international best practices.

Key responsibilities

• Monitor security events across cloud, on‑prem, network, endpoints and applications.
• Analyze alerts from SIEM, EDR, WAF, IDS/IPS and cloud‑native tools, reducing false positives through rule tuning.
• Lead incident response activities – triage, containment, eradication, recovery and root‑cause analysis.
• Onboard and normalize logs from cloud platforms, firewalls, VPNs, identity systems, applications and databases; maintain dashboards and reports.
• Conduct proactive threat hunting, map detections to MITRE ATT&CK and track threat‑intel feeds.
• Support compliance with NCA ECC/CCC, SAMA Cybersecurity Framework, CST/CITC requirements and ISO 27001, preparing SOC reports and audit evidence.
• Participate in SOAR automation projects and continuously improve SOC processes, metrics and playbooks.

Required profile

• Bachelor’s degree in Computer Science, Information Security or a related field.
• 3–6 years of hands‑on experience in security operations, incident response and log engineering.
• Strong understanding of networking protocols (TCP/IP, DNS, HTTP, TLS) and Linux systems.
• Familiarity with Saudi cybersecurity regulations and experience supporting regulatory audits.

Required skills

• Security Operations & Incident Response
• Networking (TCP/IP, DNS, HTTP, TLS)
• Linux system administration
• SIEM platforms (Splunk, Elastic, Wazuh, Sentinel, QRadar)
• EDR / Endpoint Security solutions
• Firewalls, WAFs, IDS/IPS
• Log analysis, network traffic analysis, alert correlation
• Cloud environments (AWS, GCP, Cloudflare)
• Containers and Kubernetes security (plus)
• IAM, API security, application log handling
• MITRE ATT&CK framework