Near-Shore SOC MXDR Engineering Resource
XDR Security Engineer
SOC Automation & Integration Engineer
SOC Analytics Engineer / Detection Content Developer
Cloud Security Engineer – SOC Support (Azure/AWS/GCP)
Commercial/Delivery Considerations
275.68K
Similar presentations:
Security-Driven Networking
Security-Driven Networking
Corporate Cybersecurity Final Project
Corporate Cybersecurity Final Project
Acronis is a Leader in Cyber Protection
Acronis is a Leader in Cyber Protection
Security Monitoring
Security Monitoring
Module 28: Digital Forensics and Incident Analysis and Response
Module 28: Digital Forensics and Incident Analysis and Response
Cloud Service Models
Cloud Service Models
Training material. Software licensing basics
Training material. Software licensing basics
Accelerate Azure migrations with Windows Server & SQL Server 2008 and 2008 R2 end of support
Accelerate Azure migrations with Windows Server & SQL Server 2008 and 2008 R2 end of support
Network monitoring & forensics
Network monitoring & forensics
Driving Network Economic Transformation
Driving Network Economic Transformation

SOC Resource

1. Near-Shore SOC MXDR Engineering Resource

2. XDR Security Engineer

Role Summary:
A hands-on engineer responsible for configuring, tuning, and managing Extended Detection and Response (XDR) platforms to support 24/7
SOC operations. Acts as a Tier 2/3 escalation point and contributes to continuous detection and response improvements.
Reports to: Onshore SOC Manager or Onshore Security Engineering Lead
Key Responsibilities:
• Configure and manage XDR platforms (e.g., Microsoft
Defender XDR, SentinelOne, CrowdStrike Falcon, Palo Alto
Cortex XDR)
• Create, test, and tune detection rules (EDR, NDR, SIEMbased)
• Develop playbooks for automated response workflows
• Provide Tier 2/3 incident escalation support
• Assist in threat hunting and advanced investigations
• Maintain and optimize integration with SIEM (e.g., Splunk,
Sentinel)
• Regularly review telemetry coverage and suggest
improvements
Required Skills:
• 3+ years of hands-on experience in SOC/XDR or Security
Engineering
• Experience with scripting (PowerShell, Python)
• Solid understanding of MITRE ATT&CK, detection
engineering, and incident response
• Familiarity with cloud environments (Azure, AWS, GCP)
Certifications (Preferred):
• Microsoft SC-200 / SC-100
• CrowdStrike Certified Falcon Responder (CCFR)
• GIAC GMON / GCED

3. SOC Automation & Integration Engineer

SOC Automation & Integration Engineer
Role Summary:
Supports SOC operations by building automation workflows, integrating detection tools, and enhancing response orchestration within
SOAR/XDR platforms.
Key Responsibilities:
• Build automation scripts and SOAR playbooks (e.g., Palo
Alto Cortex XSOAR, Microsoft Sentinel, Splunk SOAR)
• Develop API integrations between XDR tools, ticketing
systems, threat intel platforms, and EDR/NDR
• Improve SOC efficiency through enrichment and correlation
• Maintain CI/CD pipelines for SOC tooling (where
applicable)
Required Skills:
• Strong Python and REST API experience
• Experience with SOAR tools and XDR integrations
• Familiarity with ITSM tools (e.g., ServiceNow, Jira)
• Knowledge of event and alert normalization (CEF, Syslog,
JSON)
Certifications (Preferred):
• Microsoft SC-200
• Any relevant vendor certifications (e.g., Cortex XSOAR,
Sentinel)

4. SOC Analytics Engineer / Detection Content Developer

Role Summary:
Develops, tunes, and maintains detection analytics across SIEM and XDR platforms to ensure coverage against evolving threats.
Key Responsibilities:
• Develop detection logic using KQL (Microsoft Sentinel),
SPL (Splunk), or equivalent
• Correlate multi-source telemetry (EDR, firewall, identity,
NDR)
• Evaluate detection efficacy and false positive rates
• Contribute to threat modeling exercises and red/blue team
feedback loops
Required Skills:
• Hands-on experience with SIEM query languages
• Strong analytical and cyber threat knowledge
• Understanding of data normalization and parsing
• Experience with MITRE ATT&CK mapping and threat usecases
Certifications (Preferred):
• SC-200 / AZ-500
• Splunk Certified Core Power User / Enterprise Security
Admin
• MITRE ATT&CK Defender (MAD)

5. Cloud Security Engineer – SOC Support (Azure/AWS/GCP)

Cloud Security Engineer – SOC Support
Role Summary:
(Azure/AWS/GCP)
Focuses on securing cloud-native environments and supporting cloud telemetry integration into SOC/XDR tools.
Key Responsibilities:
• Implement and tune cloud-native security tools (e.g.,
Defender for Cloud, AWS GuardDuty, GCP SCC)
• Manage cloud logging pipelines and API ingestion
• Support investigation of cloud-specific incidents and
misconfigurations
• Define hardening policies for cloud services in line with CIS
benchmarks
Required Skills:
• Strong knowledge of one or more cloud platforms
(Azure/AWS/GCP)
• Experience with cloud logs (e.g., CloudTrail, Activity Logs,
VPC Flow)
• Infrastructure-as-Code (Terraform, ARM) experience a plus
Certifications (Preferred):
• SC-300 / AZ-500 / AWS Security Specialty
• CCSK / CCSP

6. Commercial/Delivery Considerations

• Pricing Model: Fixed Monthly per resource, burst capacity could potentially be useful, enabling rapid
scalability to support SOC's who may be struggling with bandwidth. I've not seen this play out to be
honest, but looking at it from a price-point perspective is something I've never had to do.
• Engagement Models: Resources would need to be embedded within a client SOC, perhaps some cookie
cutter overlay that is repeatable could be explored
• Location Strategy: Tier 2 EU tech hubs are already well-known and trusted, I'm unsure of how Moldova
will be accepted, but if there are significant savings and similar capabilities across the border from
Romania, then why not.
• Value Proposition: Cost savings Vs. Tier 1 & 2 countries will be significant for, near-time zone
collaboration. If this is supported by strong bilingual capabilities and the vendor certification, it could work
well.
English     Русский Rules