Cyber Security Engineer - Remote U.S.

Job Description

• Monitor, investigate, and respond to security alerts escalated from SOC analysts.
• Perform in-depth analysis of logs and endpoint data to identify indicators of compromise (IOCs) and determine root cause.
• Participate in incident containment, mitigation, and remediation efforts.
• Coordinate with cross-functional teams (IT, Legal, Risk) during security incidents.
• Support threat hunting initiatives and continuous tuning of detection tools (SIEM(s), EDR, IDS).
• Document incident response activities and produce post-incident reports.
• Mentor SOC analysts and contribute to playbook and process development.
• Engage in continuous learning and cross-training to develop expertise in both security engineering and incident response.
• Contribute to the evaluation and implementation of new security tools and technologies.
• Collaborate with other teams to ensure security best practice and defined policies are integrated into all aspects of the business.

• 2–4 years of experience in a security operations or incident response role.
• Proficiency with SIEM tools (e.g., Splunk, QRadar, Sentinel) and endpoint detection tools (e.g., CrowdStrike, SentinelOne).
• Strong understanding of TCP/IP, operating systems (Windows/Linux), malware behaviors, and common attack vectors (e.g., phishing, ransomware, lateral movement).
• Experience analyzing logs from various sources: firewalls, proxies, IDS/IPS, and authentication systems. (e.g., KQL, CQL, RegEx)
• Ability to work under pressure and manage multiple incidents simultaneously.
• Excellent verbal and written communication skills.
• Bachelor’s degree or equivalent/years of experience required.
• Advanced certifications such as CISSP, CISA, or CESSLP, MS-500, AZ-500 strongly preferred

• Fully remote position
• Minimal travel is expected
• Participation in an after-hours On-Call rotation