SOC Engineer – Data Loss Prevention & Incident Response

About the role

Binance is seeking a seasoned SOC Engineer to lead Data Loss Prevention (DLP) and incident response initiatives across its global blockchain ecosystem. You will design, build, and automate custom security solutions while defending against emerging threats, including AI‑driven attacks.

Key responsibilities

• Design, deploy, and optimise DLP solutions for network, endpoint, and cloud environments.
• Develop data classification schemes for wallets, trading algorithms, and customer PII.
• Configure DLP policies to minimise false positives while preventing exfiltration.
• Monitor alerts, tune detection rules, and lead investigations of DLP incidents and insider threats.
• Conduct threat hunting, forensic analysis, and APT detection.
• Integrate DLP monitoring into SOC workflows and incident‑response playbooks.
• Build custom tools (e.g., macOS Swift endpoint protection, Unix socket monitoring) and automation scripts, APIs, and regexes.
• Explore AI/LLM‑driven anomaly detection methods.
• Ensure compliance with AML, KYC, GDPR, CCPA and support related audits.
• Assess and mitigate data‑loss risks across trading platforms and blockchain infrastructure.

Required profile

• 4+ years in a SOC or security‑operations role with a focus on incident response.
• Proven experience designing, deploying, and monitoring DLP solutions.
• Strong programming background in macOS Swift, Unix socket programming, and scripting languages.
• Hands‑on threat hunting, forensic analysis, and APT detection experience.
• Familiarity with SIEM, EDR, and cloud security architectures.
• Knowledge of encryption, tokenization, and data‑classification methods.

Required skills

• Swift (macOS)
• Unix socket programming
• Scripting (e.g., Python, Bash)
• SIEM platforms
• EDR solutions
• Cloud security architectures
• Encryption and tokenization
• Data classification
• Threat hunting
• Forensic analysis
• APT detection
• AI/LLM‑driven detection techniques