Cybersecurity Engineer - Level 2
US | Remote | Full time | Mid-level | Dec 30, 2025
About this role
About Rhodian Group
Rhodian Group helps businesses build and manage their network environments with predictably priced managed IT services so they can focus on their core strengths and growth initiatives. They also help businesses identify and reduce cybersecurity and non-compliance risks. Their combination of IT, cybersecurity, and compliance services helps businesses operate safely, while complying with industry mandates and regulatory requirements.
Role Overview
The Cybersecurity Level 2 Engineer plays a critical role in the Security Operations Center (SOC), responsible for monitoring, investigating, and responding to security alerts and incidents across client or enterprise environments. This role requires hands-on experience with SIEM platforms, endpoint security tools, and incident response processes, with the ability to escalate and remediate threats effectively.
Key Responsibilities
Monitor and triage security alerts generated by SIEM, EDR, and security monitoring tools
Investigate security incidents including phishing, malware, endpoint compromise, and unauthorized access
Perform root-cause analysis and document incident findings and remediation actions
Tune SIEM detection rules, alerts, and dashboards to reduce false positives and improve fidelity
Conduct threat hunting activities using logs from endpoints, networks, cloud platforms, and identity providers
Respond to security incidents in accordance with established incident response playbooks and SLAs
Escalate complex or high-risk incidents to Level 3 or Incident Response teams with detailed context and evidence
Assist with vulnerability management findings and validation of remediation
Support log ingestion, parsing, normalization, and retention requirements for SIEM platforms
Maintain accurate case notes, incident reports, and security documentation
Collaborate with IT, engineering, and security teams to improve overall security posture
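Several of the responsibilities above (normalizing logs from different sources, running a detection over them, and tuning it to cut false positives) are easier to picture with a concrete example. The block below is an added illustration and is not code from the posting or from Rhodian Group. It parses two constructed log formats (a hypothetical key=value VPN syslog line and a simplified Windows Security style line using Event IDs 4624/4625) into one schema, runs a sliding-window failed-logon detection that maps to MITRE ATT&CK T1110 (Brute Force), and shows the tuning knob a Level 2 engineer would reach for: an allowlist for an authorized vulnerability scanner whose credential checks would otherwise fire the rule. The log lines, hostnames, usernames and IP addresses are all constructed sample data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Two constructed line formats (hypothetical, not real product output).
KV_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: result=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)
WIN_RE = re.compile(
    r"^(?P<ts>\S+),(?P<host>[^,]+),EventID=(?P<eid>\d+),TargetUser=(?P<user>[^,]+),IpAddress=(?P<src>\S+)$"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_line(line):
    """Normalize one raw line into {ts, host, user, src, outcome}; None if unparseable."""
    m = KV_RE.match(line)
    if m:
        outcome = "success" if m["result"].upper() == "OK" else "failure"
        return {"ts": datetime.strptime(m["ts"], TS_FMT), "host": m["host"],
                "user": m["user"], "src": m["src"], "outcome": outcome}
    m = WIN_RE.match(line)
    if m:
        # Windows Security log: 4624 = successful logon, 4625 = failed logon.
        outcome = {"4624": "success", "4625": "failure"}.get(m["eid"])
        if outcome is None:
            return None
        return {"ts": datetime.strptime(m["ts"], TS_FMT), "host": m["host"],
                "user": m["user"], "src": m["src"], "outcome": outcome}
    return None


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5), allowlist=frozenset()):
    """Per source IP: >= threshold failures inside a sliding window followed by a
    success raises a high-severity alert; a failure burst with no success raises a
    medium one. Sources in allowlist (e.g. an authorized scanner) are skipped; that
    allowlist is the tuning step that removes a known false-positive generator."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        if src in allowlist:
            continue
        recent, confirmed = [], False   # failure timestamps still inside the window
        for e in evs:
            recent = [t for t in recent if e["ts"] - t <= window]
            if e["outcome"] == "failure":
                recent.append(e["ts"])
            elif len(recent) >= threshold:
                alerts.append({"src": src, "user": e["user"], "severity": "high",
                               "failures": len(recent), "technique": "T1110",
                               "summary": "successful logon after %d failures" % len(recent)})
                confirmed, recent = True, []
        if not confirmed and len(recent) >= threshold:
            alerts.append({"src": src, "user": evs[-1]["user"], "severity": "medium",
                           "failures": len(recent), "technique": "T1110",
                           "summary": "%d failures, no success seen" % len(recent)})
    return alerts


def run(lines, allowlist=frozenset()):
    """Ingest raw lines, count parser drops (a silent parse gap is a detection gap), detect."""
    events, dropped = [], 0
    for line in lines:
        e = parse_line(line)
        if e is None:
            dropped += 1
        else:
            events.append(e)
    return {"alerts": detect_brute_force(events, allowlist=allowlist),
            "parsed": len(events), "dropped": dropped}


# Constructed sample telemetry: one attacker, one authorized scanner, one user typo.
ATTACKER, SCANNER, USER = "203.0.113.5", "198.51.100.20", "192.0.2.9"
SAMPLE_LOGS = (
    [f"2025-12-30T09:00:{s:02d}Z vpn01 auth: result=FAIL user=jsmith src={ATTACKER}" for s in (1, 12, 25, 40, 55)]
    + [f"2025-12-30T09:01:10Z vpn01 auth: result=FAIL user=jsmith src={ATTACKER}",
       f"2025-12-30T09:01:30Z vpn01 auth: result=OK user=jsmith src={ATTACKER}"]
    + [f"2025-12-30T09:05:{s:02d}Z,dc01,EventID=4625,TargetUser=svc_backup,IpAddress={SCANNER}" for s in range(8)]
    + [f"2025-12-30T09:10:00Z vpn01 auth: result=FAIL user=amy src={USER}",
       f"2025-12-30T09:10:20Z vpn01 auth: result=FAIL user=amy src={USER}",
       f"2025-12-30T09:10:35Z vpn01 auth: result=OK user=amy src={USER}"]
    + ["2025-12-30T09:11:00Z vpn01 kernel: link up"]   # unrelated line; must be dropped, not crash
)

if __name__ == "__main__":
    for label, allow in (("untuned", frozenset()), ("tuned", frozenset({SCANNER}))):
        result = run(SAMPLE_LOGS, allowlist=allow)
        print(label, "parsed=%d dropped=%d" % (result["parsed"], result["dropped"]))
        for a in result["alerts"]:
            print("  ", a["severity"], a["src"], a["user"], a["summary"])
```

Run untuned, the rule fires twice: a high-severity hit on the attacker's six failures followed by a success, and a medium-severity hit on the scanner's eight failures. Adding the scanner to the allowlist removes the second without touching the first, which is the kind of fidelity improvement the tuning responsibility refers to; the dropped-line counter is the check that keeps an unparsed source from quietly disappearing from the detection.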
Required Qualifications
2+ years of hands-on experience in a SOC, cybersecurity, or security operations role
Practical experience working with SIEM platforms (Splunk, Microsoft Sentinel, LogRhythm, QRadar, Elastic)
Experience analyzing logs from endpoints, firewalls, IDS/IPS, cloud, and identity systems
Familiarity with EDR tools (CrowdStrike, SentinelOne, Microsoft Defender, Datto EDR)
Understanding of the incident response lifecycle and security alert triage
Working knowledge of common attack techniques and indicators of compromise (IOCs)
Experience with the MITRE ATT&CK framework
Strong documentation and communication skills
Preferred Qualifications
Experience in an MSP or multi-tenant SOC environment
Familiarity with SOAR tools and automation workflows
Exposure to cloud security logging (Azure, AWS, Microsoft 365)
Experience with vulnerability scanning tools (Qualys, Nessus, Rapid7)
Basic scripting or query experience (KQL, SPL, SQL, PowerShell, Python)
Relevant certifications: Security+, CySA+, SC-200, Splunk Core Certified User
What Success Looks Like
Security alerts are investigated accurately and efficiently
Incidents are escalated with high-quality analysis and evidence
SIEM detections improve over time through tuning and feedback
Threats are identified early, contained effectively, and documented clearly
Strong collaboration with SOC peers and senior security engineers
Locations: Remote (United States)