Security Operations Center (Soc) Engineer

We are seeking a Security Operations Center (SOC) Engineer to support security monitoring, threat detection, and compliance activities across enterprise and client environments. This role focuses on identifying and responding to cyber threats, investigating incidents, and ensuring security controls align with regulatory requirements. The SOC Engineer will report to the SOC Lead and contribute to strengthening security operations across environments in the United States and Ukraine.

Key Responsibilities

Security Monitoring and Threat Detection

• Monitor security events and alerts across enterprise infrastructure, cloud environments, and client networks.
• Identify, analyze, and triage potential security incidents using SIEM platforms, EDR/XDR tools, and other monitoring technologies.
• Review system logs, network traffic, and endpoint telemetry to detect suspicious or malicious activity.
• Conduct proactive threat hunting to identify advanced persistent threats and insider risks.

Incident Response and Investigation

• Respond to security incidents according to established procedures and response playbooks.
• Investigate alerts and perform forensic analysis to determine root cause, scope, and impact.
• Document incidents, including attack vectors, affected assets, and remediation steps.
• Escalate critical incidents to senior security staff and leadership when necessary.
• Coordinate with compliance teams to ensure incidents are properly documented and reported.

Compliance and Audit Support

• Support security compliance efforts aligned with frameworks such as SOC 2, ISO 27001, HIPAA, PCI-DSS, and NIST.
• Assist in maintaining continuous compliance across company and client environments.
• Provide documentation, logs, and evidence for internal and external security audits.
• Track remediation of security control gaps identified during compliance assessments.
• Prepare compliance reports demonstrating adherence to security policies and regulatory requirements.

Security Onboarding and Implementation

• Support security onboarding for new clients and projects.
• Perform initial security assessments of client environments to identify risks and security gaps.
• Deploy and configure security monitoring tools such as SIEM agents, EDR solutions, and log collectors.
• Establish baseline monitoring coverage and tune alerts for client environments.
• Develop client-specific security documentation including runbooks and incident response procedures.

Vulnerability and Threat Management

• Identify vulnerabilities across systems, endpoints, network infrastructure, and cloud platforms.
• Assist with vulnerability scanning, assessment, and remediation coordination.
• Work with IT teams to ensure timely patching and mitigation of security risks.
• Monitor emerging threats, vulnerabilities, and attack techniques.

Security Operations Development

• Support the development of detection rules, monitoring use cases, and security playbooks.
• Tune security monitoring tools to reduce false positives while maintaining detection coverage.
• Assist with implementing automation and orchestration workflows for security operations.
• Develop dashboards and reporting to track security events and compliance status.

Threat Intelligence

• Collect and analyze threat intelligence from internal and external sources.
• Track adversary tactics, techniques, and procedures using frameworks such as MITRE ATT&CK.
• Maintain indicators of compromise and threat actor profiles within security tools.
• Share relevant threat intelligence with internal teams and stakeholders.

Security Tools and Infrastructure

• Support management of security platforms including SIEM, EDR, IDS/IPS, vulnerability scanners, and threat intelligence systems.
• Ensure comprehensive log collection from critical systems to support detection and compliance requirements.
• Assist with deployment and configuration of security monitoring infrastructure.
• Evaluate new security tools and recommend improvements to the security environment.

Collaboration and Communication

• Coordinate with the SOC Lead on monitoring coverage and operational handoffs.
• Work closely with IT operations, compliance, and security teams on ongoing initiatives.
• Communicate security incidents and risks clearly to technical and non-technical stakeholders.
• Support client communication during incidents and participate in security posture reviews.

Requirements

• Minimum 2 years of experience in a Security Operations Center or a similar cybersecurity role.
• Experience with security monitoring, incident detection, and incident response processes.
• Hands-on experience with SIEM platforms such as Splunk, Microsoft Sentinel, QRadar, or similar tools.
• Experience analyzing security logs and identifying suspicious activity.
• Exposure to compliance initiatives or work within regulated environments.

Technical Skills

• Strong knowledge in at least two of the following areas:
• Security monitoring and intrusion detection
• Incident response and digital forensics
• Threat intelligence analysis and threat hunting
• Endpoint security platforms (EDR/XDR)
• Network traffic monitoring and analysis
• Security compliance and audit support
• Understanding of common cyberattack techniques, malware behavior, and adversary tactics.
• Experience with security tools including IDS/IPS, EDR, SIEM, vulnerability scanners, and packet analysis tools.
• Working knowledge of Windows, Linux, and macOS security concepts.
• Understanding of network protocols, traffic analysis, and network security architecture.
• Familiarity with cloud security principles for AWS, Azure, or Google Cloud environments.

Compliance and Framework Knowledge

• Working knowledge of compliance frameworks such as SOC 2, ISO 27001, HIPAA, PCI-DSS, and NIST.
• Understanding of security control frameworks including CIS Controls and NIST 800-53.
• Experience supporting audit evidence collection and documentation.
• Understanding of log retention and security monitoring requirements for regulated environments.

Knowledge and Understanding

• Understanding of the cybersecurity threat landscape and modern attack frameworks such as MITRE ATT&CK.
• Knowledge of security governance, risk management, and compliance practices.
• Understanding of system hardening and security best practices.
• Awareness of privacy regulations such as GDPR and CCPA and their relationship to security operations.

Preferred Qualifications

• Security certifications such as CompTIA Security+, CySA+, GCIA, GCIH, CEH, CISSP, CISA, CISM, or ISO 27001 Lead Auditor.
• Experience with penetration testing, red teaming, or offensive security techniques.
• Scripting experience using Python, PowerShell, or Bash for security automation.
• Experience with SOAR platforms, malware analysis, or reverse engineering.
• Previous experience working in MSP or MSSP environments supporting multiple clients.
• Experience managing security projects or onboarding new client environments.

Location Remote or hybrid roles may be available depending on project requirements.

Employment Type Full-time.