Senior SOC Security Engineer II

The Senior SOC Security Engineer will serve as a key technical expert within the Security Operations Center (SOC), responsible for leading the design, implementation, and optimization of security monitoring and incident response technologies. In this hands-on role, you will work closely with SOC analysts and other security professionals to enhance the organization’s ability to detect, respond to, and mitigate security threats. As a senior engineer, you will also be responsible for threat detection and analysis, automation of security processes, and maintaining a strong security posture through continuous improvement of the SOC infrastructure.

In addition to handling high-level security engineering tasks, you will mentor junior SOC analysts and engineers, providing technical guidance and fostering a culture of continuous improvement. You will also serve as the SOC’s subject matter expert for emerging threats, advanced persistent threats (APTs), and cutting-edge security technologies.

Primary Duties

• Engineer and implement security solutions that enhance the SOC’s ability to prevent, detect, and respond to security incidents across cloud environments (AWS, GCP and Azure).
• Lead the design, deployment, and maintenance of security monitoring infrastructure, including SIEM, IDS/IPS, EDR, and firewalls.
• Develop and maintain detailed incident response playbooks and procedures, ensuring alignment with industry best practices.
• Provide expert analysis of security events, correlating data from various sources (network, endpoint, application) to gain a holistic view of potential threats.
• Assist in containment and remediation strategies for cyber incidents, coordinating with internal teams to ensure swift resolution.
• Mentor and provide guidance to junior SOC engineers and analysts, helping them develop their technical skills and grow in their roles.

Minimum Qualifications

• Bachelor’s degree in Computer Science, Information Security, or related field.
• Minimum of 7+ years of hands-on experience in cybersecurity, with a strong focus on SOC engineering, threat detection, and incident response.
• Expertise in managing and optimizing SIEM platforms (e.g.,Sumo Logic), EDR tools, IDS/IPS, and firewalls.
• Hands-on experience in threat intelligence, threat hunting, and advanced log analysis for incident detection and response.
• Understanding of security frameworks and methodologies, such as MITRE ATT&CK, NIST, ISO 27001, or CIS Controls.
• Familiarity with cloud security tools and techniques for monitoring and securing workloads in AWS, Azure, or GCP environments.

Preferred KSA’s

• In-depth knowledge of security operations, including SIEM, EDR, IDS/IPS, malware analysis, and vulnerability management tools.
• Experience working with cloud security technologies (AWS, Azure, GCP), including monitoring, logging, and incident response in cloud environments.
• Experience in developing and deploying automation scripts (e.g., Python, PowerShell) to perform routine tasks such as log analysis, threat detection, and incident response.
• Act as the technical lead in investigating, analyzing, and responding to complex security incidents and remediation efforts.
• Experience in evaluating new security technologies and making recommendations to enhance the organization’s defensive capabilities.
• Hands-on experience in malware analysis, reverse engineering, and digital forensics.
• Experience in advanced log and network traffic analysis to identify security incidents, trends, and anomalous behaviors.

Preferred:

• Certifications such as CISSP, GCIH, GCIA, CEH, OSCP, or GIAC are preferred.

Physical Requirements

• Sitting for prolonged periods of time. Extensive use of computers and keyboard. Occasional walking and lifting may be required.