Cybersecurity Engineer - Level 2

Role Overview 

The Cybersecurity Level 2 Engineer plays a critical role in the Security Operations Center (SOC), responsible for monitoring, investigating, and responding to security alerts and incidents across client or enterprise environments. This role requires hands-on experience with SIEM platforms, endpoint security tools, and incident response processes, with the ability to escalate and remediate threats effectively. 

Key Responsibilities 

• Monitor and triage security alerts generated by SIEM, EDR, and security monitoring tools 

• Investigate security incidents including phishing, malware, endpoint compromise, and unauthorized access 

• Perform root-cause analysis and document incident findings and remediation actions 

• Tune SIEM detection rules, alerts, and dashboards to reduce false positives and improve fidelity 

• Conduct threat hunting activities using logs from endpoints, networks, cloud platforms, and identity providers 

• Respond to security incidents in accordance with established incident response playbooks and SLAs 

• Escalate complex or high-risk incidents to Level 3 or Incident Response teams with detailed context and evidence 

• Assist with vulnerability management findings and validation of remediation 

• Support log ingestion, parsing, normalization, and retention requirements for SIEM platforms 

• Maintain accurate case notes, incident reports, and security documentation 

• Collaborate with IT, engineering, and security teams to improve overall security posture 

Required Qualifications 

• 2+ years of hands-on experience in a SOC, cybersecurity, or security operations role 

• Practical experience working with SIEM platforms (Splunk, Microsoft Sentinel, LogRhythm, QRadar, Elastic) 

• Experience analyzing logs from endpoints, firewalls, IDS/IPS, cloud, and identity systems 

• Familiarity with EDR tools (CrowdStrike, SentinelOne, Microsoft Defender, Datto EDR) 

• Understanding of the incident response lifecycle and security alert triage 

• Working knowledge of common attack techniques and indicators of compromise (IOCs) 

• Experience with the MITRE ATT&CK framework 

• Strong documentation and communication skills 

Preferred Qualifications 

• Experience in an MSP or multi-tenant SOC environment 

• Familiarity with SOAR tools and automation workflows 

• Exposure to cloud security logging (Azure, AWS, Microsoft 365) 

• Experience with vulnerability scanning tools (Qualys, Nessus, Rapid7) 

• Basic scripting or query experience (KQL, SPL, SQL, PowerShell, Python) 

• Relevant certifications: Security+, CySA+, SC-200, Splunk Core Certified User 

What Success Looks Like 

• Security alerts are investigated accurately and efficiently 

• Incidents are escalated with high-quality analysis and evidence 

• SIEM detections improve over time through tuning and feedback 

• Threats are identified early, contained effectively, and documented clearly 

• Strong collaboration with SOC peers and senior security engineers