ACI INFOTECH

Cybersecurity Engineer — SOC & Threat Detection

ACI INFOTECH · India

  • Hybrid
  • Full-time
  • $75,000 / year
  • India

Job highlights

  • Monitor and respond to security threats in enterprise environments.
  • Investigate incidents across various platforms like EDR and cloud.
  • Develop detection rules and automate responses.
  • Conduct threat hunting and vulnerability assessments.
  • Support compliance and audit reporting requirements.

About the role

Cybersecurity Engineer — SOC & Threat Detection

Frontline detection and response for high-value enterprise environments — across SIEM, EDR, cloud, and identity.

The team

ACI Infotech operates a 24/7 SOC and NOC covering global enterprise clients. Our security posture is SOC 2, ISO 27001, and HIPAA aligned, and we embed the same discipline into client-facing engagements. The team runs rotational shifts; expect real incidents and clear escalation paths.

What you'll do

  • Monitor and triage security alerts across SIEM platforms (Splunk, Microsoft Sentinel, or similar).
  • Investigate and respond to incidents across EDR, network, identity, and cloud surfaces.
  • Develop detection rules, playbooks, and automation in SOAR platforms.
  • Conduct threat hunting and vulnerability assessments for enterprise clients.
  • Support compliance reporting for SOC 2, ISO 27001, and HIPAA audits.

What we're looking for

  • 4+ years in SOC, incident response, or threat detection roles.
  • Hands-on experience with Splunk or Microsoft Sentinel; competence in writing detection logic.
  • Working knowledge of MITRE ATT&CK and a primary threat-intel feed.
  • Certifications preferred: CompTIA Security+, GCIH, GCIA, CEH, or equivalent.
  • Willingness to work in a rotational 24/7 SOC shift pattern.

Bonus

  • Experience with cloud-native detection (CloudTrail, Defender for Cloud, GuardDuty).
  • Background in red-team or purple-team exercises.

About ACI Infotech

ACI Infotech is a production-grade engineering services firm. We build data, AI, cloud, and enterprise application systems for global customers across financial services, healthcare, retail, and manufacturing. Our Applied AI practice (ArqAI) ships agentic and GenAI systems for regulated industries. We are CMMI Level 3, ISO 27001 certified, SOC 2 Type II, HIPAA Ready, and a Great Place to Work. Headquarters in Hyderabad with offices in Singapore, UAE, Australia, and the US.

Apply: careers@aciinfotech.com · aciinfotech.com/careers

ACI Infotech is an equal opportunity employer.

Key skills/competency

  • SIEM
  • EDR
  • Cloud Security
  • Incident Response
  • Threat Detection
  • Splunk
  • Microsoft Sentinel
  • SOAR
  • Threat Hunting
  • MITRE ATT&CK

Skills & topics

  • Cybersecurity Engineer
  • SOC
  • Threat Detection
  • SIEM
  • EDR
  • Incident Response
  • Splunk
  • Microsoft Sentinel
  • Cloud Security
  • Cybersecurity

How to get hired

  • Tailor your resume: Highlight experience in SOC, incident response, and threat detection, specifically mentioning SIEM platforms like Splunk or Microsoft Sentinel. Quantify achievements where possible.
  • Showcase relevant certifications: Emphasize certifications such as CompTIA Security+, GCIH, GCIA, or CEH. If you have it, also mention hands-on experience with cloud-native detection tools such as CloudTrail, Defender for Cloud, or GuardDuty.
  • Demonstrate technical skills: Detail your proficiency with MITRE ATT&CK framework, threat intelligence feeds, and SOAR platforms. Include any experience with red-team or purple-team exercises.
  • Prepare for shift work: Be ready to discuss your willingness and ability to work in a rotational 24/7 SOC shift pattern during the interview process.

Technical preparation

  • Master the Splunk (SPL) and Microsoft Sentinel (KQL) query languages.
  • Practice writing detection rules.
  • Familiarize yourself with MITRE ATT&CK tactics and techniques.
  • Understand cloud security logging.

Behavioral questions

  • Describe how you handled a critical security incident.
  • How do you prioritize alerts under pressure?
  • Explain your experience with teamwork in a SOC.
  • How do you stay updated on threats?

Frequently asked questions

What is the primary focus of the Cybersecurity Engineer role at ACI Infotech?
The primary focus of the Cybersecurity Engineer role at ACI Infotech is frontline detection and response for high-value enterprise environments. This includes monitoring security alerts, investigating incidents across SIEM, EDR, cloud, and identity systems, and developing detection rules and automation.
What are the essential technical skills required for the Cybersecurity Engineer position?
Essential technical skills include hands-on experience with SIEM platforms like Splunk or Microsoft Sentinel, competence in writing detection logic, and a working knowledge of the MITRE ATT&CK framework and threat intelligence feeds. Experience with cloud-native detection and SOAR platforms is also highly valued.
Does ACI Infotech offer opportunities for professional development in cybersecurity?
The posting does not describe a formal training programme, but its stated preference for certifications such as CompTIA Security+, GCIH, GCIA, or CEH indicates that certification is valued. The role itself offers exposure to a range of security technologies (SIEM, EDR, SOAR, cloud, and identity) and to real incidents, which supports professional growth.
What is the work environment like for a Cybersecurity Engineer at ACI Infotech?
The work environment involves a 24/7 SOC operation with rotational shifts. The team is globally oriented, focusing on providing security posture aligned with SOC 2, ISO 27001, and HIPAA standards for enterprise clients. There are clear escalation paths for incidents.
How does ACI Infotech support compliance and audits for its clients?
ACI Infotech embeds a disciplined approach to security that aligns with SOC 2, ISO 27001, and HIPAA. The Cybersecurity Engineer will support compliance reporting for these specific audits, ensuring that client environments meet the required standards.
What is the significance of ACI Infotech's certifications (SOC 2, ISO 27001, HIPAA Ready)?
ISO 27001 certification, a SOC 2 Type II attestation report, and HIPAA readiness demonstrate ACI Infotech's commitment to maintaining high standards in security, data protection, and operational controls. For a Cybersecurity Engineer, this means working within an audited security framework and contributing to the evidence and reporting that keeps those attestations current.
What are the 'bonus' qualifications that would make a candidate stand out for the Cybersecurity Engineer role?
Bonus qualifications include experience with cloud-native detection tools such as AWS CloudTrail, Microsoft Defender for Cloud, or Amazon GuardDuty. Additionally, a background in red-team or purple-team exercises is highly advantageous.