Senior SOC Engineer

Job Description SOC L3 (Level 3)  

The Alcon Security Operations Center (SOC) is responsible for monitoring, detecting, analyzing, and performing incident response to cyber threats against Alcon applications, platforms, networks, and information.  The environment includes local area networks/wide area networks (LAN/WAN), Internet connections, public facing services & websites, wireless, mobile/cellular, cloud-based applications, and services (IaaS, PaaS, SaaS), security devices, servers, end-user workstations and laptops, production manufacturing, and various other 3rd party connections & services.  

Duties include:  

• Administer and maintain the organization's SIEM (Security Information and Event Management) platform to monitor, analyze, and respond to security events and incidents effectively.  
• Configure and customize SIEM rules, alerts, dashboards, and reports to meet the organization's security requirements and compliance standards.  
• Perform regular health checks, tuning, and optimization of SIEM infrastructure to ensure optimal performance and maximum effectiveness.  
• Monitor SIEM logs and alerts, investigate security incidents, and provide expert-level analysis and response to security events.  
• Collaborate with SOC (Security Operations Center) analysts to triage, prioritize, and escalate security incidents based on severity and impact.  

• Conduct regular SIEM platform upgrades, patches, and version migrations, following best practices and change management processes.  
• Develop and maintain SIEM documentation, including configuration guides, standard operating procedures (SOPs), and knowledge base articles.  
• Provide mentorship and training to junior team members and SOC analysts on SIEM administration best practices and techniques.  
• Coordinate with vendors and internal stakeholders for SIEM platform integrations, upgrades, and troubleshooting as needed.  
• Stay current with emerging SIEM technologies, trends, and threats, and make recommendations for continuous improvement of the SIEM environment.  
• Manage and maintain the organization's SIEM (Security Information and Event Management) platform to monitor, analyze, and respond to security events and incidents.  
• Implement and manage Data Loss Prevention (DLP) solutions to safeguard sensitive data and prevent unauthorized data exfiltration.  
• Administer Endpoint Detection & Response (EDR) systems to detect, investigate, and remediate security threats on endpoints.  
• Configure and maintain Security Orchestration and Automation (SOAR) platforms to streamline security operations and automate response actions.  
• Monitor and manage Intrusion Detection/Prevention Systems (IDS/IPS) to detect and prevent malicious activities and network intrusions.  
• Provide support for ARMIS platform, focusing on troubleshooting and issue resolution, while collaborating with SOC analysts for effective incident response.  
• Utilize ServiceNow for case management, including ticket creation, tracking, and resolution of security-related incidents and requests.  
• Ensure the security of cloud environments by implementing and managing cloud security solutions and best practices.  
• Offer support for Saviynt platform, assisting with user access management, identity governance, and compliance requirements.  
• Provide assistance for Site Manager and Zscaler platforms, focusing on support activities and issue resolution as needed.  
• Act as a point of escalation for L1 & L2 engineers in support of investigations.  

Required Education and Skills:   

• Bachelor of Science from accredited institution.  
• Strong knowledge of incident management, problem management and change management best practices.  
• Superior communication skills and ability to brief senior government officials.  

• 7+ years of Information Security / Cybersecurity experience.  

Desired Skills and Certifications  

• Experience networking and telecommunications integration, design, and architecture.  
• Hold at least two relevant industry certifications (GCIH, GCED, CISSP, CEH, GMON etc.)  
• Understanding of SIEM tools such as Splunk, FireEye Helix, ArcSight, Microsoft Sentinel, McAfee Nitro, etc.  
• Experience building and maintaining a high-performance team of analysts.  
• Expertise with industry standard frameworks (ISO, NIST, PCI).  
• Experience maintaining metrics and SLAs.  
• Self starter and should be able handle platforms independently.

Desired Skills and Certifications  

• Experience networking and telecommunications integration, design, and architecture.  
• Hold at least two relevant industry certifications (GCIH, GCED, CISSP, CEH, GMON etc.)  
• Understanding of SIEM tools such as Splunk, FireEye Helix, ArcSight, Microsoft Sentinel, McAfee Nitro, etc.  
• Experience building and maintaining a high-performance team of analysts.  
• Expertise with industry standard frameworks (ISO, NIST, PCI).  
• Experience maintaining metrics and SLAs.  

ATTENTION: Current Alcon Employee/Contingent Worker

If you are currently an active employee/contingent worker at Alcon, please click the appropriate link below to apply on the Internal Career site.

Find Jobs for Employees

Find Jobs for Contingent Worker

Alcon is an Equal Opportunity Employer and takes pride in maintaining a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, national origin, age, sexual orientation, gender identity, marital status, disability, or any other reason.