Security Operations Center (SOC) Engineer

Klik Solutions, LLC
Baltimore, MD

About The Position

The Security Operations Center (SOC) Engineer serves as a frontline defender protecting Klik Solutions and our clients from cyber threats, security vulnerabilities, and malicious actors. This role combines proactive security monitoring and threat detection with ensuring compliance requirements are met across our organization and client environments. The SOC Engineer reports directly to the SOC Lead and will play a crucial role in building and maturing our security operations capabilities across the United States and Ukraine.

Requirements

  • Minimum 2 years of hands-on experience in a security operations center or similar security-focused role
  • Proven experience with security monitoring, incident detection, and response activities
  • Direct experience working with SIEM platforms (Splunk, Sentinel, QRadar, or similar)
  • Demonstrated ability to analyze security logs and identify malicious activity
  • Experience supporting compliance initiatives or working in regulated industries
  • Deep expertise in at least two of the following domains: intrusion detection and security monitoring; security incident response and digital forensics; threat intelligence analysis and threat hunting; endpoint security (EDR/XDR platforms); network security monitoring and analysis; security compliance and audit support
  • Strong understanding of common attack vectors, malware families, and adversary techniques
  • Proficiency with security tools such as IDS/IPS, EDR, SIEM, vulnerability scanners, and packet analyzers
  • Working knowledge of operating systems security (Windows, Linux, macOS)
  • Understanding of network protocols, traffic analysis, and network security architecture
  • Familiarity with cloud security principles and securing cloud-based infrastructure (AWS, Azure, GCP)
  • Working understanding of major compliance frameworks (SOC 2, ISO 27001, HIPAA, PCI-DSS, NIST CSF)
  • Ability to map security controls to compliance requirements
  • Experience with audit evidence collection and documentation
  • Understanding of log retention requirements for various compliance standards
  • Familiarity with security control frameworks (CIS Controls, NIST 800-53)
  • Solid grasp of the cybersecurity threat landscape, attack frameworks (MITRE ATT&CK), and kill chain methodology
  • Understanding of security compliance frameworks and how to operationalize them
  • Knowledge of security best practices for hardening systems and applications
  • Awareness of privacy regulations (GDPR, CCPA) and their intersection with security operations
  • Understanding of security governance, risk management, and compliance (GRC) principles

Nice To Haves

  • Security certifications such as Security+, CySA+, GCIA, GCIH, CEH, CISSP, or compliance-related certifications (CISA, CISM, ISO 27001 Lead Auditor)
  • Experience with red teaming, penetration testing, or offensive security operations
  • Scripting or programming skills (Python, PowerShell, Bash) for security automation
  • Experience with SOAR platforms, malware analysis, or reverse engineering
  • Prior experience building or maturing security operations capabilities in MSP or MSSP environments
  • Project management experience with security implementations and client onboarding

Responsibilities

  • Monitor security events and alerts across enterprise infrastructure, cloud environments, and client networks 24/7
  • Identify, analyze, and triage security incidents using SIEM platforms, EDR/XDR tools, and other security monitoring solutions
  • Perform real-time analysis of security logs, network traffic, and endpoint telemetry to detect malicious activity
  • Execute threat hunting operations to proactively identify advanced persistent threats (APTs) and insider threats
  • Respond to security incidents following established incident response procedures and playbooks
  • Conduct forensic analysis of security events to determine root cause, scope, and impact
  • Document security incidents thoroughly, including attack vectors, affected systems, and remediation actions
  • Escalate critical security incidents to senior analysts and management as appropriate
  • Coordinate with the compliance team to ensure security incidents are properly reported per regulatory requirements
  • Monitor and enforce security controls required by compliance frameworks (SOC 2, ISO 27001, HIPAA, PCI-DSS, NIST, etc.)
  • Assist in maintaining a continuous compliance posture across Klik Solutions and client environments
  • Support internal and external security audits by providing evidence, logs, and documentation
  • Track and remediate security control gaps identified through compliance assessments
  • Generate compliance reports demonstrating adherence to security policies and regulatory requirements
  • Work closely with the compliance team to translate regulatory requirements into operational security controls
  • Maintain audit trails and evidence collection for security operations activities
  • Lead or support security onboarding for new client engagements and projects
  • Conduct initial security assessments of new client environments to identify risks and gaps
  • Deploy and configure security monitoring tools (SIEM agents, EDR, log collectors) in client environments
  • Establish baseline security monitoring coverage and alert tuning for new clients
  • Document client-specific security requirements, constraints, and escalation procedures
  • Create customized security monitoring use cases based on client infrastructure and risk profile
  • Coordinate with technical teams during client onboarding to ensure security tooling is properly integrated
  • Develop client-specific security documentation, including runbooks and incident response procedures
  • Identify security vulnerabilities across enterprise assets, including endpoints, servers, network devices, and cloud infrastructure
  • Assist in vulnerability assessment and penetration testing initiatives
  • Collaborate with IT teams to ensure timely patching and remediation of identified vulnerabilities
  • Maintain awareness of emerging threats, attack techniques, and vulnerability disclosures
  • Track vulnerability remediation efforts to meet compliance timelines and SLAs
  • Contribute to the development and refinement of security monitoring use cases and detection rules
  • Assist in tuning security tools to reduce false positives while maintaining detection effectiveness
  • Help develop and maintain security incident response playbooks and standard operating procedures
  • Support the implementation of security automation and orchestration workflows
  • Build and maintain compliance-focused security dashboards and reporting
  • Collect, analyze, and operationalize threat intelligence from internal and external sources
  • Track threat actor tactics, techniques, and procedures (TTPs) using frameworks like MITRE ATT&CK
  • Share threat intelligence with stakeholders and contribute to threat intelligence sharing communities
  • Maintain threat actor profiles and indicators of compromise (IOCs) in security platforms
  • Correlate threat intelligence with compliance requirements to prioritize security controls
  • Manage and maintain security operations tools, including SIEM, EDR, IDS/IPS, and threat intelligence platforms
  • Ensure comprehensive log collection and retention from all critical security-relevant sources to meet compliance requirements
  • Work with engineering teams to deploy and configure security sensors and monitoring agents
  • Evaluate new security technologies and recommend improvements to the security stack
  • Ensure security tools are configured to support compliance evidence collection
  • Coordinate with the SOC Lead on follow-the-sun operations and shift handoffs
  • Partner with IT operations, compliance, privacy, and application security teams on security initiatives
  • Communicate security risks and incidents clearly to both technical and non-technical stakeholders
  • Engage with external partners, including law enforcement, ISACs, threat intelligence vendors, and security researchers
  • Support client communications during security incidents and provide status updates on security posture
  • Participate in client security reviews and present security metrics and compliance status

What This Job Offers

Job Type

Full-time

Career Level

Entry Level

Education Level

No Education Listed

Number of Employees

11-50 employees