Posted 17 May, 2026

SOC Engineer - 2

Quince
Bengaluru, Karnataka, India
Full Time
Reference: 102_702183_5215819008

THE ROLE

SOC Engineer - 2

We're looking for a SOC Engineer - 2 to join our growing Security Operations team. In this role, you will help protect the organization by monitoring, detecting, investigating, and responding to security events across cloud, endpoint, and application environments. You will work on strengthening detection capabilities, improving response processes, and enhancing the overall security posture of the organization.

Success in this role means effectively identifying and responding to threats, improving detection quality, and contributing to scalable security operations through automation and continuous improvement. You will collaborate closely with security, engineering, IT, and business teams to ensure timely incident response and operational resilience.

Responsibilities

  • Monitor and triage security alerts from EDR, DLP, SIEM, cloud, and web security platforms
  • Investigate security incidents including credential compromise, unauthorized access, malware infections, and data exposure events
  • Analyze logs across endpoints, cloud services, and applications to determine root cause, impact, and scope of incidents
  • Perform proactive threat hunting to identify suspicious activity and gaps in existing detections
  • Execute containment, remediation, and recovery actions following established incident response procedures
  • Develop, tune, and improve detection rules and alerting logic to reduce false positives and improve signal quality
  • Translate threat intelligence into actionable detection use cases and monitoring strategies
  • Contribute to automation initiatives for alert enrichment, workflow optimization, and incident response processes
  • Design and implement automation that raises the true-positive rate of detections and enables automated triage of known, well-understood alert types
  • Monitor cloud security findings and support remediation of configuration and access control issues
  • Collaborate with engineering, IT, and business teams during investigations and incident response activities
  • Maintain and improve incident response playbooks, runbooks, and operational documentation
  • Track and report key operational metrics including incident trends, response times, and alert quality
  • Stay current with emerging threats, attacker techniques, and security best practices

Qualifications

  • 2-4 years of experience in SOC, Security Operations, or Incident Response roles
  • Strong understanding of the incident response lifecycle and threat detection methodologies
  • Hands-on experience with security tools such as EDR, DLP, SIEM, vulnerability scanners, and cloud security platforms
  • Experience with tools such as CrowdStrike, Netskope, Splunk, Sentinel, or similar technologies
  • Strong understanding of networking fundamentals including TCP/IP, DNS, HTTP/HTTPS, SMTP, and the common attack vectors that abuse these protocols
  • Experience analyzing logs and telemetry across endpoints, cloud environments, and applications
  • Basic scripting or automation experience using Python or similar languages
  • Experience with detection engineering, SIEM rule creation, dashboards, and alert tuning
  • Familiarity with frameworks and methodologies such as MITRE ATT&CK, Cyber Kill Chain, threat hunting, and forensic analysis
  • Strong analytical thinking, problem-solving, and communication skills
  • Ability to work effectively in fast-paced and high-pressure environments

Preferred:

  • Experience with AWS security services and cloud-native security tooling
  • Familiarity with SOAR platforms and security automation workflows
  • Experience with threat intelligence platforms and IOC management
  • Exposure to endpoint forensics and malware analysis concepts
  • Relevant certifications such as Security+, CEH, GCIH, GCIA, or similar
  • Experience working in high-growth or cloud-native environments
