SOC L2/L3 Engineer

• Design, implement, and operationalize a Security Information and Event Management (SIEM) platform, including evaluation, selection, deployment, and optimization of supporting technologies such as case management and UEBA solutions.
• Develop, maintain, and continuously improve detection rules and use cases aligned with frameworks such as MITRE ATT&CK to identify malicious activity across cloud, endpoint, identity, and network environments.
• Investigate and triage L2/L3 security alerts, validate incidents, reduce false positives, and establish efficient escalation workflows.
• Lead incident response activities, including containment, eradication, recovery, forensic analysis, root cause identification, and post-incident reviews.
• Integrate and monitor log sources from cloud platforms, identity providers, endpoint protection tools, payment environments, and other critical systems.
• Conduct proactive threat hunting exercises based on emerging threats, attack techniques, and organization-specific risk scenarios.
• Develop and maintain security runbooks, playbooks, and automation workflows to improve operational efficiency and response consistency.
• Define, track, and report key SOC metrics related to detection coverage, incident response effectiveness, and operational performance.
• Collaborate with security, engineering, and infrastructure teams to continuously strengthen detection capabilities and overall security posture.
• Contribute to the long-term evolution and scaling of the security operations function through process improvements and strategic initiatives.

Requirements

• Minimum 3 years of experience in Security Operations, Detection Engineering, Incident Response, or related cybersecurity roles at the L2/L3 level.
• Hands-on experience building, deploying, or managing SIEM platforms, including log onboarding, correlation rule development, and tuning.
• Strong expertise in detection engineering and threat detection methodologies, with practical application of MITRE ATT&CK frameworks.
• Proficiency with query languages such as KQL, SPL, or equivalent technologies used for security monitoring and analysis.
• Experience investigating cloud security events and telemetry from platforms such as AWS, Google Workspace, EDR/XDR solutions, and related services.
• Solid understanding of attacker tactics, techniques, and procedures, with the ability to translate threat intelligence into actionable detection content.
• Experience with incident response processes, forensic investigations, and security event analysis.
• Scripting and automation skills using Python or similar languages to streamline security operations and data analysis tasks.
• Strong analytical thinking, documentation skills, and ability to maintain structured investigation processes under pressure.
• Excellent communication and collaboration abilities, with the capacity to work effectively across technical and non-technical teams.
• Experience with SOAR platforms, detection-as-code methodologies, UEBA solutions, threat intelligence integration, or payment industry security standards is considered a strong advantage.
• Familiarity with PCI DSS environments, SWIFT infrastructure, purple teaming exercises, or financial services security operations is highly desirable.

Benefits

• Opportunity to build and shape a security operations function with significant ownership and decision-making authority.
• Direct impact on protecting critical financial infrastructure and large-scale transaction environments.
• Freedom to influence technology selection, security architecture, and operational processes.
• Clear career progression opportunities, including potential leadership responsibilities as the security team grows.
• Exposure to advanced cloud security, threat detection, incident response, and automation initiatives.
• Collaborative environment with experienced cybersecurity professionals and strong leadership support.
• Flexible work arrangements designed to support productivity and work-life balance.
• More than 30 days of annual leave plus unlimited sick leave.
• Comprehensive health coverage and wellness benefits.
• Professional development support, including access to training courses, certifications, conferences, and industry events.
• Sports, wellness, and employee wellbeing programs.
• High-quality equipment, including Apple devices and modern productivity tools.
• Complimentary office meals and additional workplace perks where applicable.
• Competitive compensation package aligned with experience, expertise, and market standards.