Senior Information Security Specialist

WE Soda

Ankara

Description

We are seeking a hands-on Senior Security Specialist to act as the primary internal liaison with our MSSP/SOC, driving cybersecurity incidents from detection through to resolution.

This role will work closely with Group IT, Türkiye IT, US IT, and external security providers to validate alerts, challenge incomplete investigations, coordinate containment and remediation actions, and ensure incidents are properly documented and closed.

They must be able to make sound operational decisions during live security events, communicate clearly with technical and non-technical stakeholders, and convert MSSP/SOC escalations into real internal action.

Key Responsibilities

  • Act as the main point of contact for MSSP/SOC escalations.
  • Review, validate, and challenge security alerts and investigations.
  • Coordinate response to incidents including phishing, malware, ransomware, account compromise, data leakage, insider risk, and third-party security events.
  • Drive containment actions such as endpoint isolation, account disablement, MFA review, email purge, access revocation, and escalation to IT teams.
  • Use LogRhythm SIEM for alarm review, log searches, evidence validation, case support, correlation rules, reporting, and detection tuning.
  • Work with EDR, Microsoft 365 / Entra ID, email security, identity, endpoint, and network security tools.
  • Maintain clear, audit-ready incident records in 4me/Xurrent, including timelines, evidence, actions, decisions, and post-incident reviews.
  • Support improvement of SOC performance, detection use cases, SIEM tuning, and incident response processes.
  • Lead or participate in incident calls across different regions and time zones.

Required Experience and Skills

  • Minimum 5 years’ experience in Security Operations, SOC, Incident Response, or Cybersecurity Operations.
  • Minimum 3 years’ hands-on experience investigating and responding to cybersecurity incidents.
  • Direct experience working with, or within, an MSSP/SOC environment.
  • Hands-on experience with LogRhythm SIEM.
  • Experience with EDR tools such as SentinelOne, Microsoft Defender for Endpoint, CrowdStrike, or similar.
  • Good understanding of Microsoft 365 security, Entra ID, MFA, conditional access, and sign-in log analysis.
  • Experience investigating phishing and email security events using Proofpoint, Defender for Office 365, Mimecast, or similar.
  • Good understanding of Windows endpoints, Active Directory, PowerShell basics, firewall logs, VPN logs, DNS, proxy logs, and network security fundamentals.
  • Experience using ITSM tools such as 4me/Xurrent, ServiceNow, Jira Service Management, or similar.
  • Experience working across international teams and multiple time zones is strongly preferred.
  • Exposure to industrial, manufacturing, mining, chemicals, or OT/ICS environments would be advantageous.

Certifications

At least one relevant cybersecurity certification is required, such as:

  • GCIH
  • CompTIA CySA+
  • Microsoft SC-200
  • Microsoft AZ-500
  • CompTIA Security+
  • SSCP
  • CISSP or CISM, where supported by hands-on SecOps or Incident Response experience

Additional certifications such as GCIA, GCED, GMON, CEH, ITIL Foundation, ISO 27001 Lead Implementer / Lead Auditor, or vendor training in LogRhythm, SentinelOne, Proofpoint, Microsoft Sentinel, or Defender would be advantageous.

Practical incident response, MSSP/SOC coordination, and LogRhythm experience will be weighted more heavily than certification alone.

What We Are Looking For

We are looking for someone calm and structured under pressure, with strong analytical skills, clear ownership, and a hands-on approach to problem solving.

They must be confident challenging both suppliers and internal teams when required, while remaining professional and constructive. They must be comfortable working across countries and time zones, particularly with Group IT, Türkiye IT, US IT, and the MSSP/SOC provider.

Excellent professional English, both written and spoken, is mandatory. They must be able to lead technical incident calls, write clear incident summaries, prepare management updates, and communicate effectively with senior stakeholders.