Security Operations Engineer

Security Operations Engineer (Level 2) Location:Hyderabad (India) Department: Cybersecurity / Security Operations Job Type: Full-Time

Position Summary

We are seeking a skilled and detail-oriented Security Operations Engineer (L2) to support and advance our organization's cybersecurity posture. This role sits within the Security Operations Center (SOC) and is responsible for responding to security incidents, analyzing logs and alerts, performing threat hunting, and supporting incident response efforts. The ideal candidate has prior experience in a SOC or security operations environment, solid understanding of security tools and cloud environments, and the ability to work effectively in a fast-paced, distributed team.

Key Responsibilities

• Monitor and triage security alerts from SIEM, EDR, cloud logs, and other tools.
• Conduct deep-dive investigations into alerts, anomalies, and indicators of compromise (IOCs).

Level 2 incident response

• Correlate data from multiple sources to identify potential threats and vulnerabilities.
• Conduct

  threat hunting

  activities using telemetry (e.g., DNS, network, endpoint, and cloud logs).
• Escalate advanced incidents as needed with proper documentation.

Participate in regular SOC operations and on-call rotations.

• Assist in fine-tuning security tools, detection rules, and alerts (SIEM, EDR, IDS, WAF, etc.).

Support security assessments and audits with relevant data and context.

Required Qualifications

• 57 years of experience in security operations, incident response, or threat analysis.
• Hands-on experience with

  at least two of the following: SIEM

  (Rapid 7 IDR, Sentinel, etc.),

  EDR

  (CrowdStrike, Microsoft), SOAR platforms, IDS/IPS, or cloud security tools.
• Proficiency in analyzing logs: Windows Event Logs, Linux syslogs, AWS/CloudTrail, firewall logs, etc.
• Working knowledge of

  threat actors, tactics, techniques, and procedures (TTPs)

  (MITRE ATT&CK).
• Familiarity with , malware behavior, phishing indicators, and security frameworks.
• Strong analytical and problem-solving skills. Ability to document findings, provide incident timelines, and escalate with clarity.

Preferred Qualifications

• Certifications:

  Security+, CySA+, GCIA, GCIH, GCFA, CEH, or equivalent

  . Experience in cloud environments (AWS, Azure, GCP), including use of CloudTrail, GuardDuty, or CloudWatch. Scripting or automation experience in Python, PowerShell, or Bash. Exposure to regulatory requirements (ISO 27001, SOC2, PCI-DSS, etc.). Knowledge of Zero Trust architecture and secure access practices.