SOC Engineer Level 3 - FTE - Direct Only Please

Our client, a security and solution provider, is seeking a SOC Engineer Level 3. This is a fully remote position - east coast preferred.

• Act as SOC engineering escalation point and provide technical leadership to SOC Level 1 & 2 Analysts
• Work closely with SOC Manager to identify escalations and ensure smooth operation of the SOC.
• Regularly communicate with customers about SOC Incident escalations and next steps.
• Provide escalated incident investigation and formulate response to customers.
• Develop and provide threat hunting plan for SOC customers.
• Report potential threats and remediation to SOC Analysts and customers.
• Provide feedback to SOC Manager to improve process and procedures for SOC.
• Attend virtual training for SOC tools and security platform as required.
• Assist in the development and refinement of IR handbooks, XRD and XSOAR Playbooks.
• Assist and work with the Security Engineering, NOC and Network Engineering teams with security related issues and escalatation incidents and support..
• Provide engineering guidance for remediation of security related incidents.
• Assist with the development of vulnerability and security gap analysis reports for clients.
• Attend customer monthly and quarterly business reviews as required.
• Provide guidance to SOC team to on-board and off-board SOC customers.
• Communicate results of investigations to customers and log responses and time in Connect Wise.
• Perform administrative duties on SOC toolsets (Cortex XDR, XSOAR, LogRhythm, Cisco XDR, Splunk etc).
• Assist SOC Manager and SOC team with select pre-sales activities and proof of concepts for potential customers.
• Continuously update documentation and support information for customers on Confluence.
• Serving as an escalation point for technical support related to security incidents, tools, and applications.
• Working with a growing team of SOC Support engineers and assist with troubleshooting and ticket resolution.
• Manage all security situations in a professional and courteous business manner with an emphasis on customer satisfaction, while keeping the customer abreast of expectations, problem status and completion.

Qualifications

• 5+ Years providing IT support to end users.
• Experience using Splunk (Splunk designated certifications)
• Direct experience in Security Operations Center work, Network Event Analysis, Threat Analysis and/or Intelligence Analysis
• Excellent written and verbal communications skills.
• Experience managing end point security agents and cybersecurity tools.
• 7+ year experience as a Security/Cyber/Network Analyst Experience
• Knowledge of various security methodologies and processes, and technical security solutions (firewall, packet analysis, SIEM and intrusion detection systems)
• Experience with XDR/EDR/SOAR security tools (Palo Alto Cortex XDR and Cisco XDR preferred)
• Ability to analyze endpoint, network, and application logs
• Knowledge of common Internet protocols and applications.
• Experience with scripting languages (Python, Bash, PowerShell, etc preferred but not required)