SOC Engineer - REMOTE - Public Trust Needed

About The Position

Requirements

• U.S. Citizen with ability to obtain Public Trust clearance.
• 2-5 years of experience in network defense, SOC engineering, or cybersecurity operations.
• Hands-on experience with Microsoft Sentinel, including log onboarding, rule development, and automation.
• Proficiency with log parsing and normalization (Regex, Fluent Bit, DCRs, KQL).
• Strong scripting skills in PowerShell and/or Python for automation and data handling.
• Experience configuring and maintaining data feeds for SOC visibility (cloud, endpoint, network, and on-prem).
• Familiarity with incident response concepts, threat detection engineering, and SOAR workflows.
• Excellent written and verbal communication skills with ability to work across technical and non-technical teams.
• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).
• 5+ years of progressive cybersecurity/SOC experience (engineering and operations).
• The following requirements must be met to be eligible for this position: successful completion of a background investigation and drug urinalysis.

Nice To Haves

• Knowledge of federal cybersecurity mandates (M-21-31, NIST Cybersecurity Framework, CISA Incident/Vulnerability Playbooks, BOD 22-01).
• Experience with Microsoft Logic Apps, Azure Functions, or other SOAR development platforms.
• -Experience with UEBA configuration to enhance anomaly detection.
• Background in AI/ML frameworks for cyber analytics.
• Experience building SOC metrics, dashboards, and reporting for operational visibility.
• Familiarity with M365, Azure security tools, ServiceNow workflows, and CISA CDM tools.
• -Relevant certifications such as CISSP, CISM, Microsoft Security Operations Analyst (SC-200), or Azure Security Engineer (AZ-500).

Responsibilities

• Maintain and optimize a Microsoft Sentinel SIEM/SOAR solution in alignment with client requirements, industry best practices, and federal compliance mandates.
• Configure and manage log/data feeds from diverse sources (e.g., Fluent Bit, Windows Events, M365, cloud services, endpoint/security platforms).
• Develop and refine log parsing rules using Regex, DCRs, and custom transformations to ensure accurate and usable data in Sentinel.
• Engineer automation and orchestration solutions using Microsoft Logic Apps, Azure Functions, and PowerShell/Python scripts to improve SOC efficiency and incident response.
• Build, tune, and optimize analytic rules, UEBA, dashboards, and reports to improve detection and response coverage.
• Partner with cross-functional teams (network, endpoint, cloud, IT ops) to integrate new data sources and deliver actionable SOC capabilities.
• Develop and maintain clear documentation of SOC architecture, log source onboarding, and automation playbooks; provide training for SOC analysts on new tools and processes.
• Conduct gap analyses of existing SOC capabilities, recommend improvements, and contribute to SOC process maturity.
• Provide Tier 3 support and assist with complex investigations when required.