Tier 2 SOC Engineer
Insight Global (Morrisville, NC)
Job Description
We are seeking an experienced Tier 2 SOC Engineer to join our Security Operations Center team. The ideal candidate will provide advanced incident detection, analysis, and response, leveraging a broad set of security tools and platforms. You will play a key role in protecting the organization's information assets, supporting incident investigations, and mentoring Tier 1 analysts.
Key Responsibilities
• Monitor security alerts and events using SIEM and security monitoring tools.
• Analyze and triage escalated security incidents; conduct in-depth investigations.
• Respond to and contain security incidents, ensuring proper escalation when necessary.
• Perform root cause analysis and recommend mitigation strategies.
• Support threat hunting activities and proactive identification of risks.
• Develop and tune correlation rules, alerts, and dashboards.
• Document incidents, investigations, and recommendations in ticketing systems.
• Collaborate with IT, engineering, and business units to ensure security best practices.
• Mentor and assist Tier 1 analysts with complex investigations.
• Serve as a subject matter expert by investigating and presenting intelligence on the latest cyber threats, vulnerabilities, and industry best practices weekly or bi-weekly.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to [email protected]. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Skills and Requirements
• 5+ years experience in a Security Operations Center or similar security role.
• Strong analytical and problem-solving skills.
• Proactively identify tasks and take ownership to ensure their completion.
• Demonstrate initiative and the capability to work autonomously with minimal supervision.
• Experience with the following tools/platforms:
  • Cloud Security: Wiz, Azure Defender for Cloud, AWS Security Hub, related cloud native security tools
  • Vulnerability Management: Tenable
  • SIEM & Monitoring: Splunk, Microsoft Sentinel, Amazon CloudWatch, AWS CloudTrail
  • EDR & Threat Protection: Microsoft Defender for Cloud, Microsoft Defender for Endpoint, Cisco AMP
  • Identity & Access: Microsoft Defender for Identity, Azure Active Directory
  • Data Loss Prevention: Code42, O365 DLP
• Familiarity with Microsoft 365 security and Azure security controls.
• Experience with AWS Security tools and controls.
• Knowledge of TCP/IP, network protocols, and common attack vectors.
• Ability to interpret and analyze log data from various sources.
• Understanding of incident response methodologies and frameworks (e.g., NIST, SANS).
• Knowledge of vulnerability management processes and remediation.
• Excellent written and verbal communication skills.
• Ability to work in a fast-paced, 5x8 SOC environment.
• Experience with scripting (Python) for automation and investigation is a plus.