ISS Engineer (Tier 2)

About The Position

Requirements

• 2+ years of experience with Python (or similar scripting languages) and APIs.
• Strong troubleshooting skills across endpoints, identity/access, and collaboration platforms; owning issues through to resolution.
• Hands-on SecOps exposure using tools like EDR/SIEM/SOAR for alert triage, investigation, and incident handling (or closely related experience with the ability to ramp fast).
• Data and analytics mindset with comfort pulling, cleaning, and analyzing operational data (tickets, alerts, logs) to guide decisions.
• Automation capability using scripting (Python or similar), APIs, and/or orchestration—building safe, auditable workflows that may leverage GenAI/ML for enrichment or decision support.
• Clear communicator who stays calm under pressure, comfortable navigating ambiguity and proposing structured solutions.
• Demonstrated curiosity and learning agility, with interest in growing across IT, security, and data/automation.

Nice To Haves

• Background in data analytics or analytics-heavy roles (e.g., operations analytics, analytics engineering, or similar).
• Exposure to security frameworks or compliance requirements and how they translate into practical controls and processes.
• Experience in a fast-growing or high-change environment, helping bring order and structure to messy, evolving systems.
• Demonstrated Generative AI (LLM or Agentic) implementation projects or InfoSec experience.

Responsibilities

• Own Tier 2 escalations across endpoints, identity & access, collaboration tools, and core services—balancing fast resolution with long-term quality.
• Investigate root causes of recurring issues and design durable fixes that prevent repeat incidents (vs. one-off workarounds).
• Develop secure configuration standards and baselines spanning endpoints, GenAI, orchestration, and SaaS/cloud infrastructure, and iterate on them to support scale and reliability.
• Shape incident/problem/change practices by proposing safe changes with clear rollback plans and improving how the team learns from incidents.
• Create operational documentation (knowledge base articles, runbooks, reusable patterns) that reduces escalations and uplevels the service desk.
• Triage and investigate security alerts in EDR/SIEM/SOAR, escalate effectively, and coordinate containment to recovery using playbooks with clear timelines.
• Build and improve automations + analytics (GenAI/ML workflows, scripts/APIs, dashboards) to streamline tasks like alert enrichment, ticket routing, lifecycle changes, remediation flows, and ongoing operational reporting.
• Partner on vulnerability and patch management by prioritizing issues, tracking remediation to SLAs, and verifying closure in measurable ways.