SECURITY ARCHITECT

23 hours ago 2026/10/10
Other Business Support Services

Job description

About Atos Group


Atos Group is a global leader in digital transformation with c. 56,000 employees and annual revenue of c. €7.2 billion (at the go-forward perimeter), operating in 54 countries under two brands - Atos for services and Eviden for products and systems. European number one in cybersecurity and a leader in cloud, Atos Group is committed to a secure and decarbonized future and provides tailored AI-powered, end-to-end solutions for all industries. Atos Group is the brand under which Atos SE (Societas Europaea) operates. Atos SE is listed on Euronext Paris.



The purpose of Atos Group is to help design the future of the information space. Its expertise and services support the development of knowledge, education and research in a multicultural approach and contribute to the development of scientific and technological excellence. Across the world, the Group enables its customers and employees, and members of societies at large to live, work and develop sustainably, in a safe and secure information space. 


SOC Administrator / Senior SOC Analyst


Role Summary


We are looking for an experienced SOC Administrator / Senior SOC Analyst with strong hands-on experience in ArcSight SIEM administration, SOC operations, incident investigation, SIEM engineering, threat hunting, and security solutioning.


The candidate will be deployed onsite at a customer location and will act as a senior technical security resource responsible for managing SIEM operations, supporting L1/L2 analysts, handling advanced investigations, maintaining security tools, improving detection use cases, and advising the customer on security operations decisions.


This role requires a technically strong, confident, soft-spoken, and customer-facing professional who can take initiative, communicate clearly, and help the customer make practical cybersecurity decisions.


Key Responsibilities


SOC Administration & SIEM Management


  • Administer and manage ArcSight ESM, ArcSight Logger, Elastic Search, SmartConnectors, content packs, rules, dashboards, reports, active channels, filters, and correlation use cases.
  • Monitor SIEM platform health, connector status, event flow, EPS utilization, storage, parsing quality, and log source availability.
  • Troubleshoot log ingestion issues, connector failures, parsing errors, event normalization issues, and correlation rule performance problems.
  • Perform SIEM tuning to reduce false positives and improve detection accuracy.
  • Develop and maintain SIEM content including correlation rules, dashboards, reports, threat use cases, and alert workflows.
  • Support onboarding of new log sources including network devices, servers, cloud platforms, EDR, AV, IAM, and application logs.
  • Maintain documentation for SIEM architecture, log source inventory, use cases, SOPs, escalation matrix, and operational runbooks.

SOC L3 Operations & Incident Response


  • Perform deep-dive analysis of security alerts, suspicious activities, malware detections, endpoint events, cloud events, and network anomalies.
  • Lead incident triage, validation, containment recommendations, root cause analysis, and post-incident reporting.
  • Review and improve SOC investigation workflows, alert handling procedures, and escalation processes.
  • Perform threat hunting across SIEM, EDR, endpoint, cloud, firewall, proxy, DNS, identity, and email security logs.
  • Support customer security teams during major incidents, audit queries, and security improvement initiatives.

SIEM Engineering & Detection Engineering


  • Design, develop, and enhance security monitoring use cases aligned with MITRE ATT&CK, current threat trends, and customer risk priorities.
  • Translate business and technical risks into actionable SIEM detection logic.
  • Create and tune detection rules for endpoint threats, privilege abuse, lateral movement, brute force, suspicious cloud activity, data exfiltration, malware, ransomware, and insider threats.
  • Validate rule logic, reduce noisy alerts, and improve SOC investigation quality.
  • Support integration of SIEM with ticketing tools, SOAR platforms, automation scripts, threat intelligence feeds, and customer security tools.

Security Technology Support


  • Work with and support technologies such as:
    • EDR/XDR platforms
    • Antivirus / endpoint protection solutions
    • Linux and Windows security logging
    • Azure security services
    • AWS security services
    • CloudTrail, Azure AD / Entra ID, Defender, firewall, proxy, DNS, IAM, VPN, and server logs
    • Threat intelligence and threat hunting platforms
    • AI automation / SOC automation tools
  • Assist in security solutioning, tool integration, and operational improvement discussions with the customer.
  • Identify gaps in monitoring, visibility, detection coverage, and response processes.

Customer-Facing Responsibilities


  • Work onsite with the customer’s security and IT teams on daily SOC operations.
  • Provide clear technical guidance and help the customer make informed security decisions.
  • Prepare daily, weekly, and monthly SOC reports, incident summaries, health checks, and improvement recommendations.
  • Communicate professionally with customer stakeholders, SOC teams, and management.
  • Take ownership of issues and follow through until resolution.
  • Maintain a calm, confident, soft-spoken, and collaborative working style.

Required Skills & Experience


  • 5–8+ years of cybersecurity experience, with strong exposure to SOC operations and SIEM administration.
  • Hands-on experience with SIEM, preferably ArcSight ESM, Logger, SmartConnectors, correlation rules, dashboards, reports, and connector management.
  • Prior experience working in a combined SOC Admin + SOC L3 Analyst role.
  • Strong understanding of SOC processes, alert triage, incident response, escalation handling, and threat hunting.
  • Good knowledge of security event analysis across firewall, proxy, endpoint, server, identity, cloud, email, DNS, and application logs.
  • Experience with EDR, antivirus, Linux, Windows logs, Azure, AWS security, SIEM engineering, and security automation.
  • Ability to create and tune SIEM rules, dashboards, reports, and monitoring use cases.
  • Strong understanding of MITRE ATT&CK, cyber kill chain, common attack techniques, malware behavior, phishing, brute force, privilege escalation, and lateral movement.
  • Good documentation and reporting skills.
  • Strong troubleshooting ability for SIEM, connectors, log ingestion, parsing, and platform health issues.
  • Ability to work independently at customer site with minimal supervision.

Preferred Certifications


Candidates with one or more of the following will be preferred:


  • ArcSight / SIEM-specific certification
  • Microsoft Azure Security certification, such as AZ-500 or equivalent
  • AWS Security Specialty or equivalent AWS security certification
  • CEH or equivalent cybersecurity certification
  • CompTIA Security+, CySA+, GCIA, GCIH, GCFA, SC-200, SC-100, CISSP, CISM, or equivalent certifications are added advantages.

Preferred Candidate Profile


The ideal candidate should be:


  • Currently based in the UAE or immediately available to relocate.
  • Comfortable working full-time onsite at customer premises.
  • Technically hands-on and operationally mature.
  • Confident in dealing with customer stakeholders.
  • Soft-spoken, professional, and composed during pressure situations.
  • Proactive and willing to take initiative beyond routine monitoring.
  • Capable of guiding customer teams in decision-making with practical security recommendations.
  • Strong in both technical execution and customer communication.

Tools & Technologies Exposure


Experience in the following areas will be highly preferred:


  • ArcSight ESM / Logger / SmartConnectors
  • ElasticSearch
  • SIEM engineering and use case development
  • EDR / XDR platforms
  • Antivirus and endpoint protection
  • Linux and Windows security administration
  • Azure security and