Cybersecurity & Operations Engineer

EXCEL MARCO INDUSTRIAL SYSTEMS PTE LTD
Posted date: 3 days ago
Minimum level: N/A
Employment type: Full-time
Job category: IT

Role Summary:

As a Level 2 Cybersecurity Engineer, you will be responsible for analyzing, investigating, and responding to security events detected across multiple customer environments. You'll work closely with the IT team to ensure timely triage, incident handling, threat hunting, and remediation guidance.

You should have a solid understanding of network protocols, endpoint systems, log analysis, and threat intelligence, with the ability to work independently and collaboratively in a high-pressure environment.

Key Responsibilities:

  • Monitor, analyze, and respond to security alerts from SIEM, EDR/XDR, firewalls, IDS/IPS, email gateways, and other security tools.
  • Investigate and triage medium-to-high severity incidents using log analysis, packet capture, and forensic techniques.
  • Perform root cause analysis and provide actionable remediation steps to clients or internal teams.
  • Collaborate with Level 1 engineers to escalate and resolve complex incidents.
  • Participate in threat hunting activities to proactively identify indicators of compromise (IOCs).
  • Maintain and improve detection rules, correlation use cases, and automation playbooks within the SOC platforms.
  • Document investigations, findings, and lessons learned in clear, concise reports.
  • Support incident response engagements, including containment, eradication, and recovery phases.
  • Assist with vulnerability assessments, penetration testing, and compliance audits as needed.
  • Stay current with emerging threats, vulnerabilities, and industry best practices.

Required Skills & Experience:

  • 3-5 years of experience in cybersecurity, preferably in a SOC, MSSP, or incident response environment.
  • Solid understanding of TCP/IP, common application layer protocols, and network architecture.
  • Hands-on experience with:
    • SIEM platforms (e.g., Splunk, QRadar, ArcSight, Microsoft Sentinel)
    • EDR/XDR tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender ATP, Carbon Black)
    • IDS/IPS (Snort, Suricata, Cisco Firepower)
    • Firewalls (Cisco ASA/FTD, Palo Alto, Fortinet)
  • Proficiency in log analysis and event correlation across Windows, Linux, and cloud environments.
  • Strong knowledge of malware behavior, attack vectors (MITRE ATT&CK framework), and IoCs.
  • Basic scripting skills (Python, PowerShell, Bash) to automate repetitive tasks or extract data.
  • Familiarity with threat intelligence platforms and feeds (e.g., MISP, VirusTotal, ThreatConnect).
  • Excellent written and verbal communication skills for reporting and client interaction.
  • Ability to work in a rotating shift schedule (24x7 SOC coverage).

Preferred Qualifications:

  • Certifications: CREST, CEH, CISSP, CISA, GSEC, GCIA, or equivalent.
  • Experience with cloud security (AWS, Azure, GCP) and SaaS environments (e.g., O365, GSuite).
  • Knowledge of SOAR platforms (e.g., Phantom, Siemplify, LogicHub).
  • Experience with digital forensics and incident response (DFIR).
  • Familiarity with NIST, ISO 27001, CIS Controls, or GDPR frameworks.
  • Understanding of SOC maturity models and operational best practices.
Location: Singapore