SOC Engineer (Incident Response)

Responsibilities

• Design, deploy, and optimize DLP solutions across network, endpoint, and cloud.
• Build and refine data classification schemes for sensitive assets (wallets, trading algorithms, customer PII).
• Configure DLP policies to prevent data exfiltration while minimizing false positives.
• Monitor, analyze, and tune alerts and incidents for continuous improvement.
• Lead investigations of DLP incidents and insider threats.
• Conduct threat hunting and forensic analysis of data exfiltration attempts.
• Integrate DLP monitoring into broader SOC workflows and incident response playbooks.
• Build custom DLP tools and integrations (e.g., macOS Swift endpoint protection, Unix socket monitoring).
• Develop automation scripts, APIs, regexes and integrations to enhance detection and response.
• Explore AI/LLM-driven methods for anomaly detection and response efficiency.
• Ensure controls align with crypto and financial regulations (AML, KYC, GDPR, CCPA).
• Support audits and regulatory reviews related to data protection.
• Assess and mitigate data loss risks across trading platforms, onboarding systems, and blockchain infrastructure.

Requirements

• 4+ years in a SOC or security operations role with incident response focus.
• Proven experience with DLP design, deployment, and monitoring.
• Strong programming skills (macOS Swift, Unix socket programming, scripting).
• Hands-on threat hunting, forensic analysis, and APT detection experience.
• Familiarity with SIEM, EDR, and cloud security architectures.
• Knowledge of encryption, tokenization, and data classification methods.