Monitor, triage, and investigate security alerts from SIEM/EDR; perform incident response, root-cause analysis, threat hunting, SIEM tuning, documentation, and escalate complex incidents to senior teams.
About Rhodian Group
Rhodian Group helps businesses build and manage their network environments with predictably priced managed IT services so they can focus on their core strengths and growth initiatives. They also help businesses identify and reduce cybersecurity and non-compliance risks. Their combination of IT, cybersecurity, and compliance services helps businesses operate safely, while complying with industry mandates and regulatory requirements.
Role Overview
The Cybersecurity Level 2 Engineer plays a critical role in the Security Operations Center (SOC), responsible for monitoring, investigating, and responding to security alerts and incidents across client or enterprise environments. This role requires hands-on experience with SIEM platforms, endpoint security tools, and incident response processes, with the ability to escalate and remediate threats effectively.
Key Responsibilities
- Monitor and triage security alerts generated by SIEM, EDR, and security monitoring tools
- Investigate security incidents including phishing, malware, endpoint compromise, and unauthorized access
- Perform root-cause analysis and document incident findings and remediation actions
- Tune SIEM detection rules, alerts, and dashboards to reduce false positives and improve fidelity
- Conduct threat hunting activities using logs from endpoints, networks, cloud platforms, and identity providers
- Respond to security incidents in accordance with established incident response playbooks and SLAs
- Escalate complex or high-risk incidents to Level 3 or Incident Response teams with detailed context and evidence
- Assist with vulnerability management findings and validation of remediation
- Support log ingestion, parsing, normalization, and retention requirements for SIEM platforms
- Maintain accurate case notes, incident reports, and security documentation
- Collaborate with IT, engineering, and security teams to improve overall security posture
Required Qualifications
- 2+ years of hands-on experience in a SOC, cybersecurity, or security operations role
- Practical experience working with SIEM platforms (Splunk, Microsoft Sentinel, LogRhythm, QRadar, Elastic)
- Experience analyzing logs from endpoints, firewalls, IDS/IPS, cloud, and identity systems
- Familiarity with EDR tools (CrowdStrike, SentinelOne, Microsoft Defender, Datto EDR)
- Understanding of the incident response lifecycle and security alert triage
- Working knowledge of common attack techniques and indicators of compromise (IOCs)
- Experience with the MITRE ATT&CK framework
- Strong documentation and communication skills
Preferred Qualifications
- Experience in an MSP or multi-tenant SOC environment
- Familiarity with SOAR tools and automation workflows
- Exposure to cloud security logging (Azure, AWS, Microsoft 365)
- Experience with vulnerability scanning tools (Qualys, Nessus, Rapid7)
- Basic scripting or query experience (KQL, SPL, SQL, PowerShell, Python)
- Relevant certifications: Security+, CySA+, SC-200, Splunk Core Certified User
What Success Looks Like
- Security alerts are investigated accurately and efficiently
- Incidents are escalated with high-quality analysis and evidence
- SIEM detections improve over time through tuning and feedback
- Threats are identified early, contained effectively, and documented clearly
- Strong collaboration with SOC peers and senior security engineers
Similar Jobs
Insurance • Software
The Senior Cybersecurity Engineer will enhance security across cloud infrastructure, manage security tooling, and support compliance efforts while collaborating with various teams to protect sensitive financial data.
Top Skills:
AWSAzureCentralized LoggingCspmEdrGCPIamSIEMXdr
Artificial Intelligence • Information Technology • Machine Learning • Marketing Tech • Software • Biotech • Design
The Senior Cybersecurity Engineer will enhance security engineering by conducting assessments, designing proactive solutions, and automating tasks, while collaborating with teams to protect data and systems.
Top Skills:
Ai AgentsAWSAzureGCPLlm-Based SolutionsPythonTypescript
Information Technology • Consulting
Lead Cybersecurity Engineer responsible for developing threat detection capabilities, automating incident responses, and collaborating with clients to strengthen cybersecurity posture using advanced technologies.
Top Skills:
SparkEdrNdrPythonSIEMSoarSQL
What you need to know about the San Francisco Tech Scene
San Francisco and the surrounding Bay Area attracts more startup funding than any other region in the world. Home to Stanford University and UC Berkeley, leading VC firms and several of the world’s most valuable companies, the Bay Area is the place to go for anyone looking to make it big in the tech industry. That said, San Francisco has a lot to offer beyond technology thanks to a thriving art and music scene, excellent food and a short drive to several of the country’s most beautiful recreational areas.
Key Facts About San Francisco Tech
- Number of Tech Workers: 365,500; 13.9% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Google, Apple, Salesforce, Meta
- Key Industries: Artificial intelligence, cloud computing, fintech, consumer technology, software
- Funding Landscape: $50.5 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Sequoia Capital, Andreessen Horowitz, Bessemer Venture Partners, Greylock Partners, Khosla Ventures, Kleiner Perkins
- Research Centers and Universities: Stanford University; University of California, Berkeley; University of San Francisco; Santa Clara University; Ames Research Center; Center for AI Safety; California Institute for Regenerative Medicine
