Cybersecurity Engineer - Level 2

About Rhodian Group

Rhodian Group helps businesses build and manage their network environments with predictably priced managed IT services so they can focus on their core strengths and growth initiatives. They also help businesses identify and reduce cybersecurity and non-compliance risks. Their combination of IT, cybersecurity, and compliance services helps businesses operate safely, while complying with industry mandates and regulatory requirements.

Role Overview 

The Cybersecurity Level 2 Engineer plays a critical role in the Security Operations Center (SOC), responsible for monitoring, investigating, and responding to security alerts and incidents across client or enterprise environments. This role requires hands-on experience with SIEM platforms, endpoint security tools, and incident response processes, with the ability to escalate and remediate threats effectively. 

Key Responsibilities 

• Monitor and triage security alerts generated by SIEM, EDR, and security monitoring tools 

• Investigate security incidents including phishing, malware, endpoint compromise, and unauthorized access 

• Perform root-cause analysis and document incident findings and remediation actions 

• Tune SIEM detection rules, alerts, and dashboards to reduce false positives and improve fidelity 

• Conduct threat hunting activities using logs from endpoints, networks, cloud platforms, and identity providers 

• Respond to security incidents in accordance with established incident response playbooks and SLAs 

• Escalate complex or high-risk incidents to Level 3 or Incident Response teams with detailed context and evidence 

• Assist with vulnerability management findings and validation of remediation 

• Support log ingestion, parsing, normalization, and retention requirements for SIEM platforms 

• Maintain accurate case notes, incident reports, and security documentation 

• Collaborate with IT, engineering, and security teams to improve overall security posture 

Required Qualifications 

• 2+ years of hands-on experience in a SOC, cybersecurity, or security operations role 

• Practical experience working with SIEM platforms (Splunk, Microsoft Sentinel, LogRhythm, QRadar, Elastic) 

• Experience analyzing logs from endpoints, firewalls, IDS/IPS, cloud, and identity systems 

• Familiarity with EDR tools (CrowdStrike, SentinelOne, Microsoft Defender, Datto EDR) 

• Understanding of the incident response lifecycle and security alert triage 

• Working knowledge of common attack techniques and indicators of compromise (IOCs) 

• Experience with the MITRE ATT&CK framework 

• Strong documentation and communication skills 

Preferred Qualifications 

• Experience in an MSP or multi-tenant SOC environment 

• Familiarity with SOAR tools and automation workflows 

• Exposure to cloud security logging (Azure, AWS, Microsoft 365) 

• Experience with vulnerability scanning tools (Qualys, Nessus, Rapid7) 

• Basic scripting or query experience (KQL, SPL, SQL, PowerShell, Python) 

• Relevant certifications: Security+, CySA+, SC-200, Splunk Core Certified User 

What Success Looks Like 

• Security alerts are investigated accurately and efficiently 

• Incidents are escalated with high-quality analysis and evidence 

• SIEM detections improve over time through tuning and feedback 

• Threats are identified early, contained effectively, and documented clearly 

• Strong collaboration with SOC peers and senior security engineers