Security Operations Engineer I

Responsibilities

• Monitor and investigate alerts from SIEM, EDR, identity, cloud, and network security platforms
•  Triage and escalate suspected security incidents to SOC teams and senior security staff
•  Correlate logs and telemetry across multiple security tools to support investigations
•  Analyze alerts to distinguish false positives from legitimate threats
•  Support administration and daily operations of security tools, including Microsoft Defender, Sentinel, Splunk, Elastic, and Wiz
•  Assist with identity and access security, firewall, and network security platform management
•  Onboard, validate, and maintain log sources within the SIEM environment
•  Ensure comprehensive logging coverage and visibility across enterprise systems
•  Collaborate with cybersecurity engineering and SOC teams to improve detection capabilities and alert accuracy
•  Tune detection rules, reduce false positives, and validate security controls across endpoints, cloud, and identity platforms
•  Support vulnerability remediation, security hardening, incident response, and post-incident reviews
•  Partner with IT, compliance, and engineering teams while continuously developing expertise in cloud security, endpoint security, SIEM operations, and threat detection

Minimum Qualifications

• 3+ years of experience in cybersecurity, SOC operations, or security engineering
• Familiarity with SIEM and endpoint security tools
• Basic understanding of: Security monitoring and incident response, endpoint detection and response (EDR), cloud and identity security concepts, log analysis and alert triage
• Experience working with or exposure to tools such as: Microsoft Defender, Elastic, Splunk, or Microsoft Sentinel, CrowdStrike, Cortex XDR, or similar EDR platforms, Microsoft Entra ID / Azure AD
• Strong analytical and troubleshooting skills
• Ability to work collaboratively in a fast-paced operational environment

Preferred Skills and Experience

• 5+ years' experience in cybersecurity
• CompTIA Security+, CySA+, or equivalent certifications
• Exposure to cloud platforms such as Azure or AWS
• Familiarity with MITRE ATT&CK framework
• Basic scripting or automation experience (PowerShell, Python, KQL)
• Experience supporting compliance or regulated environments