SOC Operations Engineer

Twin State Technical Services LTD, Davenport, IA

About The Position

The SOC Operations Engineer is responsible for day-to-day security operations within managed customer environments. This role handles security-driven tickets, performs initial investigation and validation, and executes approved response actions following documented procedures. It also performs routine operational maintenance on security products to ensure they remain healthy, effective, and aligned with standards, and supports ongoing vulnerability management across managed customer environments: identifying, validating, tracking, and remediating security weaknesses in a structured and repeatable manner using our toolsets. This role is for someone who thrives on investigation and decisive response. The SOC Operations Engineer builds expertise by owning security cases end-to-end within scope, executing proven playbooks, and collaborating closely with the Security Engineer on higher-complexity events.

Requirements

  • 1+ years in IT operations, MSP service delivery, or a security-adjacent technical role.
  • Familiarity with endpoint protection concepts, identity fundamentals, and common security alert categories.
  • Strong troubleshooting ability and a disciplined approach to evidence gathering and validation.
  • Strong written communication skills in a ticketing system.
  • Ability to learn quickly and follow procedures consistently under pressure.

Nice To Haves

  • Prior experience with SOC workflows, ticket-driven triage, or incident response processes.
  • Familiarity with common security tooling categories (EDR, SIEM, MDR, email security, DNS filtering, MFA, Vulnerability Management).
  • Basic scripting skills (PowerShell and/or Python) to support repeatable operations and evidence collection.
  • Certifications such as Security+, Microsoft fundamentals, or equivalent experience.

Responsibilities

  • Own security-related tickets from creation through resolution within defined scope.
  • Review alerts and cases, validate whether activity is benign or suspicious, and determine customer impact.
  • Perform initial investigation using available telemetry and platform data to establish what happened and what systems or identities are involved.
  • Execute approved response actions using documented runbooks (for example: isolate endpoint, disable account, block indicator, initiate scan, collect artifacts), when authorized and appropriate.
  • Maintain situational awareness during active incidents and keep ticket timelines accurate and current.
  • Monitor vulnerability scanning platforms and reports to identify new, recurring, or critical vulnerabilities.
  • Validate scan results across all managed assets and prioritize by severity, exposure, and relevance.
  • Apply documented prioritization criteria to determine remediation urgency.
  • Escalate to the Security Engineer when incidents exceed defined scope, require advanced analysis, involve high business impact, or indicate coordinated or ongoing threat activity.
  • Provide high-quality handoffs including: what was observed, what was validated, actions taken, evidence collected, and recommended next steps.
  • Escalate to the Managed Services Team Lead for customer communication, dispatch coordination, and onsite actions when needed.
  • Collaborate with NOC and Maintenance roles when incidents intersect with outages, backups, patching, identity access, or broader operational issues.
  • Coordinate with internal teams and customers to support vulnerability remediation.
  • Track progress and validate vulnerability remediations.
  • Identify remediation issues and escalate to appropriate parties.
  • Perform routine operational checks of security platforms to ensure agents, connectors, sensors, and integrations are healthy and reporting.
  • Maintain baseline operational readiness for security platforms, including verifying critical coverage and reporting on gaps.
  • Support routine tuning work by documenting noise patterns and proposing improvements to the Security Engineer.
  • Document all investigative steps, findings, evidence, and actions taken in the ticketing system using established standards.
  • Follow incident handling procedures, escalation criteria, and change management requirements when executing response actions.
  • Maintain and improve SOC runbooks and quick-reference procedures for common alert types, recurring event patterns, and remediations.
  • Contribute to consistent, repeatable security operations across customer environments.
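The routine platform health check described above (confirming that agents are reporting, verifying critical coverage, and reporting on gaps) is the kind of repeatable operation the posting expects to be scripted. The following is an added illustration written for this page, not code from Twin State Technical Services or any particular EDR vendor. The asset inventory, the agent check-in export, the 24-hour staleness threshold, and the "critical/high" criticality labels are all constructed assumptions; a real check would pull the same two data sets from the RMM/CMDB and the EDR console export.

```python
"""Added example: EDR agent coverage and health check for a managed customer.

Compares an asset inventory (what should have an agent) against an EDR
console export (what is actually checking in) and produces the three
lists a SOC engineer puts in the ticket: assets with no agent at all,
agents that have gone silent, and agents reporting for hosts nobody
inventoried. All inputs below are constructed sample data.
"""
from datetime import datetime, timedelta, timezone

# Assumption: an agent silent for longer than this is treated as stale.
STALE_AFTER = timedelta(hours=24)

# Constructed sample: asset inventory from the RMM/CMDB, hostname -> criticality.
INVENTORY = {
    "DC01": "critical",
    "FS01": "high",
    "WS-1042": "standard",
    "WS-1043": "standard",
    "WS-1044": "standard",
}

# Constructed sample: EDR console export, last check-in in UTC (ISO 8601, 'Z' suffix).
AGENT_STATUS = [
    {"hostname": "DC01", "last_seen": "2024-06-10T08:55:00Z", "sensor_version": "7.2.1"},
    {"hostname": "FS01", "last_seen": "2024-06-07T14:02:00Z", "sensor_version": "7.1.0"},
    {"hostname": "WS-1042", "last_seen": "2024-06-10T09:10:00Z", "sensor_version": "7.2.1"},
    {"hostname": "WS-1044", "last_seen": "2024-06-10T09:12:00Z", "sensor_version": "7.2.1"},
    {"hostname": "LAB-VM", "last_seen": "2024-06-10T09:00:00Z", "sensor_version": "7.2.1"},
]


def parse_ts(value: str) -> datetime:
    """Parse the export's 'YYYY-MM-DDTHH:MM:SSZ' timestamps as aware UTC datetimes."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def coverage_report(inventory, agent_status, now, stale_after=STALE_AFTER):
    """Return the gap lists. 'critical_gaps' is the subset that needs escalation first."""
    last_seen = {a["hostname"]: parse_ts(a["last_seen"]) for a in agent_status}

    # Inventoried hosts with no agent record at all: a coverage gap.
    missing = sorted(h for h in inventory if h not in last_seen)
    # Inventoried hosts whose agent exists but stopped checking in.
    stale = sorted(h for h, t in last_seen.items()
                   if h in inventory and now - t > stale_after)
    # Agents reporting for hosts nobody inventoried: unknown asset, worth a ticket of its own.
    unknown = sorted(h for h in last_seen if h not in inventory)
    # Gaps on critical/high assets are the ones to surface to the Security Engineer.
    critical_gaps = sorted(h for h in missing + stale
                           if inventory[h] in ("critical", "high"))
    return {"missing": missing, "stale": stale, "unknown": unknown,
            "critical_gaps": critical_gaps}


def format_ticket_note(report, now) -> str:
    """Render the report as the plain-text block pasted into the ticket timeline."""
    lines = [f"EDR coverage check at {now.strftime('%Y-%m-%d %H:%M UTC')}"]
    for label, key in (("No agent installed", "missing"),
                       (f"Agent silent > {STALE_AFTER}", "stale"),
                       ("Reporting but not in inventory", "unknown"),
                       ("Escalate (critical/high assets)", "critical_gaps")):
        hosts = ", ".join(report[key]) or "none"
        lines.append(f"- {label}: {hosts}")
    return "\n".join(lines)


def run_check(now_iso: str):
    """Run the check against the constructed data at a fixed 'now' so results are reproducible."""
    now = parse_ts(now_iso)
    report = coverage_report(INVENTORY, AGENT_STATUS, now)
    return report, format_ticket_note(report, now)


if __name__ == "__main__":
    _, note = run_check("2024-06-10T10:00:00Z")
    print(note)
```

Pinning `now` rather than calling `datetime.now()` inside the check keeps the output reproducible, which matters when the same note is attached to a ticket and later compared against a re-run after remediation. The staleness threshold and the criticality labels should come from the customer's documented standard, not from constants in the script.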
© 2024 Teal Labs, Inc