L2 & L3 Security Operations Center (SOC)

Role Overview:

The SOC Engineer will play a crucial role in the day-to-day operations of the Security Operations Center (SOC), performing both L1 and L2 functions. The L1 SOC Engineer will serve as the first line of defense, responsible for monitoring, triaging, and escalating security alerts, while the L2 SOC Engineer will handle more complex incidents, provide advanced analysis, and lead the incident response process. Together, they ensure 24/7 coverage and protection of the organization’s infrastructure by efficiently managing security incidents and continuously improving the SOC's processes.

Key Responsibilities:

L2/L3 SOC Engineer Responsibilities:

• Perform in-depth analysis of security alerts and incidents escalated by L1 SOC Engineers.
• Lead the response process for complex security incidents.
• Work with the SOC Technical Lead on high-priority incidents requiring escalation.
• Tune and optimize security tools, such as Microsoft Sentinel, to reduce false positives and enhance detection accuracy.
• Create, update, and refine incident response procedures to improve overall SOC efficiency.
• Mentor and support L1 SOC Engineers, assisting them in improving their skills and knowledge.

Qualifications:

L2/L3 SOC Engineer Qualifications:

• 3-5 years of experience in cybersecurity operations.
• Expertise in SIEM platforms, particularly Microsoft Sentinel.
• Solid understanding of incident response processes and security operations methodologies.
• Strong knowledge of networking and cybersecurity concepts, including firewalls, intrusion prevention systems (IPS), and threat hunting.