Role Overview
The Cybersecurity Level 2 Engineer plays a critical role in the Security Operations Center (SOC), responsible for monitoring, investigating, and responding to security alerts and incidents across client or enterprise environments. This role requires hands-on experience with SIEM platforms, endpoint security tools, and incident response processes, with the ability to escalate and remediate threats effectively.
Key Responsibilities
- Monitor and triage security alerts generated by SIEM, EDR, and security monitoring tools
- Investigate security incidents including phishing, malware, endpoint compromise, and unauthorized access
- Perform root-cause analysis and document incident findings and remediation actions
- Tune SIEM detection rules, alerts, and dashboards to reduce false positives and improve fidelity
- Conduct threat hunting activities using logs from endpoints, networks, cloud platforms, and identity providers
- Respond to security incidents in accordance with established incident response playbooks and SLAs
- Escalate complex or high-risk incidents to Level 3 or Incident Response teams with detailed context and evidence
- Assist with triage of vulnerability management findings and validation that remediation was effective
- Support log ingestion, parsing, normalization, and retention requirements for SIEM platforms
- Maintain accurate case notes, incident reports, and security documentation
- Collaborate with IT, engineering, and security teams to improve overall security posture
Required Qualifications
- 2+ years of hands-on experience in a SOC, cybersecurity, or security operations role
- Practical experience working with SIEM platforms (Splunk, Microsoft Sentinel, LogRhythm, QRadar, Elastic)
- Experience analyzing logs from endpoints, firewalls, IDS/IPS, cloud, and identity systems
- Familiarity with EDR tools (CrowdStrike, SentinelOne, Microsoft Defender, Datto EDR)
- Understanding of the incident response lifecycle and security alert triage
- Working knowledge of common attack techniques and indicators of compromise (IOCs)
- Experience with the MITRE ATT&CK framework
- Strong documentation and communication skills
Preferred Qualifications
- Experience in an MSP or multi-tenant SOC environment
- Familiarity with SOAR tools and automation workflows
- Exposure to cloud security logging (Azure, AWS, Microsoft 365)
- Experience with vulnerability scanning tools (Qualys, Nessus, Rapid7)
- Basic scripting or query experience (KQL, SPL, SQL, PowerShell, Python)
- Relevant certifications: Security+, CySA+, SC-200, Splunk Core Certified User
What Success Looks Like
- Security alerts are investigated accurately and efficiently
- Incidents are escalated with high-quality analysis and evidence
- SIEM detections improve over time through tuning and feedback
- Threats are identified early, contained effectively, and documented clearly
- Collaboration with SOC peers and senior security engineers is consistent and effective