Network Security Operations Center (SOC) Security Monitoring Engineer Job in Information Technology and Telecommunications in All Areas of Macau SAR - Job Description
Job Description

 

  • Company name: Huawei Services (Hong Kong) Co., Ltd. - Macau Branch 華為服務(香港)有限公司 - 澳門分公司


  • Huawei is a leading global information and communications technology (ICT) solutions provider. Driven by a commitment to sound operations, ongoing innovation, and open collaboration, we have established a competitive ICT portfolio of end-to-end solutions in telecom and enterprise networks, devices, and cloud technology and services. Our ICT solutions, products, and services are used in more than 170 countries and regions, serving over one-third of the world's population. With 180,000 employees, Huawei is committed to enabling the future information society, and building a Better Connected World.

    For more information about Huawei, please visit http://www.huawei.com

Network Security Operations Center (SOC) Security Monitoring Engineer

 As a Security Monitoring Engineer in the Security Operations Center (SOC), you will be responsible for 24/7 security monitoring, promptly detecting and preventing cyberattacks, preventing data breaches, ensuring network system stability, and safeguarding the company's business and information security.

Key Responsibilities
• Security Monitoring: 24/7 network security monitoring including security alerts and network traffic.
• Incident Verification: Diagnose, analyze, and investigate suspected IT security incidents discovered through various sources such as external security events, internal intelligence, customer complaints, and security monitoring alerts. Initially determine the target, scope, and impact of the incident.
• Initial Incident Classification: Using incident classification guidelines and experience, perform initial categorization based on threat level and impact.
• Cybersecurity Incident Management: Manage incident tickets, promptly report internally, and track incident handling progress.
• Virus and Vulnerability Checks: Interpret and analyze virus and vulnerability scan reports regularly or before business go-live, provide professional recommendations; regularly inspect host processes/ports against network traffic behavior models, and initiate emergency response procedures if necessary.

Job Requirements (Essential Skills)
• Education and Experience:
 Bachelor's degree or above in Computer Science, Information Security, or a related field.
 Over 1 year of experience in security incident response or security analysis within SOC, CERT, or CSIRT teams, or experience in VAPT/red team/blue team services, emergency response, cybersecurity operations, or attack-defense exercises.
• Technical Knowledge:
 Understanding of network attack and defense technologies, familiar with common attack methods (such as the MITRE ATT&CK framework), malware behaviors, and vulnerability exploitation techniques.
 Solid foundational knowledge of networks (TCP/IP, DNS, HTTP/S, etc.), with the ability to analyze network traffic and packets proficiently (using tools like Wireshark).
 Familiarity with internal operating system principles, including Windows and Linux.
 Knowledge of network security devices, along with practical operational experience.
• Tool Skills:
 Extensive experience with SIEM platforms (such as Splunk, Elastic SIEM, vendor SOCs, QRadar, etc.), capable of writing search queries and performing log analysis.
 Experience using and investigating with EDR platforms (such as CrowdStrike, Huawei Cloud HSS, etc.).
 Proficiency in at least one scripting language (such as Python, PowerShell, Bash) for automating daily tasks.
• Soft Skills:
 Excellent analytical and problem-solving abilities: able to remain calm under pressure.
 Good communication skills: able to clearly explain security incidents and risks to both technical and non-technical personnel.
 Strong sense of responsibility and team spirit.
 Ability to adapt to shift work (including night shifts, weekends, and 24/7 operations).
• Preferred Qualifications (Bonus Points)
 Holding industry-recognized security certifications, such as CISP/CISSP or equivalent certifications;
 Experience in cloud security incident response (e.g., Huawei Cloud, AWS, Azure, GCP);
 Experience in digital forensics investigations;
 Familiarity with Threat Intelligence Platforms (TIP) and the ability to apply threat intelligence in practical work;
 Hands-on experience with open-source or commercial vulnerability platforms (e.g., HackTheBox, TryHackMe);
 Some ability in automation script development to improve team efficiency.

This position is open to Macau ID holders only. For non-locals, please browse our company website for opportunities in your country. HK ID holders are encouraged to apply through hkrecruit@huawei.com.

We offer a competitive remuneration package to the right candidate. Interested parties, please send your full resume with present and expected salary and available date by email to macaurecruit@huawei.com. Please include "Macau Branch" and the name of the position applied for in the email title.

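  • Job requirements

  • Entry-level staff
  • All areas of Macau SAR, Macau SAR
  • Minimum one year of work experience
  • Bachelor's degree
  • Information technology industry
  • Information Technology and Telecommunications (Networks and Systems)
    Information Technology and Telecommunications (Security)
    Information Technology and Telecommunications (Telecommunications)
  • 28/11/2025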
