SOC L2/L3 Engineer

Accountabilities

• Design, implement, and operationalize a Security Information and Event Management (SIEM) platform, including evaluation, selection, deployment, and optimization of supporting technologies such as case management and UEBA solutions.


• Develop, maintain, and continuously improve detection rules and use cases aligned with frameworks such as MITRE ATT&CK to identify malicious activity across cloud, endpoint, identity, and network environments.


• Investigate and triage L2/L3 security alerts, validate incidents, reduce false positives, and establish efficient escalation workflows.


• Lead incident response activities, including containment, eradication, recovery, forensic analysis, root cause identification, and post-incident reviews.


• Integrate and monitor log sources from cloud platforms, identity providers, endpoint protection tools, payment environments, and other critical systems.


• Conduct proactive threat hunting exercises based on emerging threats, attack techniques, and organization-specific risk scenarios.


• Develop and maintain security runbooks, playbooks, and automation workflows to improve operational efficiency and response consistency.


• Define, track, and report key SOC metrics related to detection coverage, incident response effectiveness, and operational performance.


• Collaborate with security, engineering, and infrastructure teams to continuously strengthen detection capabilities and overall security posture.


• Contribute to the long-term evolution and scaling of the security operations function through process improvements and strategic initiatives.

Requirements

• Minimum 3 years of experience in Security Operations, Detection Engineering, Incident Response, or related cybersecurity roles at the L2/L3 level.


• Hands-on experience building, deploying, or managing SIEM platforms, including log onboarding, correlation rule development, and tuning.


• Strong expertise in detection engineering and threat detection methodologies, with practical application of MITRE ATT&CK frameworks.


• Proficiency with query languages such as KQL, SPL, or equivalent technologies used for security monitoring and analysis.


• Experience investigating cloud security events and telemetry from platforms such as AWS, Google Workspace, EDR/XDR solutions, and related services.


• Solid understanding of attacker tactics, techniques, and procedures, with the ability to translate threat intelligence into actionable detection content.


• Experience with incident response processes, forensic investigations, and security event analysis.


• Scripting and automation skills using Python or similar languages to streamline security operations and data analysis tasks.


• Strong analytical thinking, documentation skills, and ability to maintain structured investigation processes under pressure.


• Excellent communication and collaboration abilities, with the capacity to work effectively across technical and non-technical teams.


• Experience with SOAR platforms, detection-as-code methodologies, UEBA solutions, threat intelligence integration, or payment industry security standards is considered a strong advantage.


• Familiarity with PCI DSS environments, SWIFT infrastructure, purple teaming exercises, or financial services security operations is highly desirable.

Benefits

• Opportunity to build and shape a security operations function with significant ownership and decision-making authority.


• Direct impact on protecting critical financial infrastructure and large-scale transaction environments.


• Freedom to influence technology selection, security architecture, and operational processes.


• Clear career progression opportunities, including potential leadership responsibilities as the security team grows.


• Exposure to advanced cloud security, threat detection, incident response, and automation initiatives.


• Collaborative environment with experienced cybersecurity professionals and strong leadership support.


• Flexible work arrangements designed to support productivity and work-life balance.


• More than 30 days of annual leave plus unlimited sick leave.


• Comprehensive health coverage and wellness benefits.


• Professional development support, including access to training courses, certifications, conferences, and industry events.


• Sports, wellness, and employee wellbeing programs.


• High-quality equipment, including Apple devices and modern productivity tools.


• Complimentary office meals and additional workplace perks where applicable.


• Competitive compensation package aligned with experience, expertise, and market standards.

Deze vacature komt van ats_lever. Originele vacature bekijken ↗