Security Operations Center (SOC) Engineer

Job Description

Job Description

Description:

Job Title: Security Operations Center (SOC) Engineer

Location: Northern Virginia

Department: Cyber Security Services

Reports To: Management

FLSA Status: Full Time/Non-exempt

Job Purpose:

The SOC Engineer plays a critical role in protecting the organization’s infrastructure and data by monitoring, analyzing, and responding to cybersecurity threats. This position ensures the effective operation of security technologies, provides incident response support, and helps optimize detection and prevention capabilities within the Security Operations Center (SOC). The SOC Engineer collaborates with IT, Cybersecurity, and business teams to strengthen defenses, minimize risk, and maintain compliance with security standards.

Duties & Responsibilities:

The SOC Engineer responsibilities include, but are not limited to:

• Monitor, analyze, and respond to security alerts and events from SIEM and other security appliances.
• Determine the relevance and priority of alerts; escalate incidents as appropriate.
• Tune and configure security appliances (IDS/IPS, next-gen firewalls, VPNs) to reduce false positives and optimize detection.
• Perform deep packet inspection, malware/phishing analysis, and forensic packet review using tools such as Wireshark or tcpdump.
• Participate in incident response activities, including investigation, containment, eradication, and recovery.
• Document security events, incidents, and processes in a clear, professional manner.
• Develop, implement, and maintain logging and auditing strategies in collaboration with IT and Cybersecurity, including integration of monitoring, SIEM, and ticketing systems.
• Provide subject matter expertise on security technologies such as IDS/IPS, firewalls, endpoint security, SIEM tools (Splunk, QRadar, Sentinel), and vulnerability management platforms (Nessus, Qualys, OpenVAS).
• Support the design, architecture, and deployment of secure network and cloud solutions across on-premises, hybrid, and cloud (AWS, Azure, GCP) environments.
• Collaborate with cross-functional teams to integrate security into network, application, and cloud operations.
• Develop SOPs, runbooks, and incident response playbooks aligned with ITIL, NIST, or DoD frameworks.
• Stay current with emerging cybersecurity threats, vulnerabilities, and advanced frameworks (e.g., Zero Trust, SASE).
• Mentor junior analysts and provide training to colleagues as needed.
• Ensure compliance with organizational standards, policies, and regulatory requirements (NIST, ISO 27001, CIS Controls, DoD 8530).

The SOC Engineer is expected to have additional duties as assigned in support of corporate cyber security services. Additional details are reviewed in accordance with company policies.

Qualifications

• Bachelor’s degree in Computer Science, Information Security, Network Engineering, or a related field (or equivalent experience).
• 3–5 years of experience in a SOC, NOSC, or cybersecurity engineering role, with hand-on operational or build experience.
• Strong understanding of TCP/IP, routing, switching, VLANs, VPNs, and firewall technologies (Palo Alto, Cisco ASA/Firepower).
• Proficiency with SIEM platforms (Splunk, QRadar, Sentinel) and monitoring tools (SolarWinds, PRTG, Zabbix, Datadog).
• Experience with IDS/IPS technologies, endpoint detection tools (CrowdStrike, SentinelOne, Microsoft Defender), and vulnerability management (Nessus, Qualys, OpenVAS).
• Familiarity with cloud security monitoring and controls in AWS, Azure, or GCP.
• Scripting and automation experience (Python, PowerShell, Ansible) strongly preferred.
• Familiarity with incident response processes and best practices.
• Strong understanding of cyber threats, attack vectors, and adversary tactics, techniques, and procedures (TTPs).
• Proficiency in analyzing logs, network traffic, and security events to identify anomalies.
• Relevant certifications strongly preferred: Security+, CEH, GCIA, GCIH, CISSP, CCNP Security, Splunk Certified Power User/Admin.
• Strong troubleshooting skills using network analysis and forensic tools.
• Familiarity with Zero Trust architectures, microsegmentation, and advanced security frameworks.
• Excellent communication and documentation skills; ability to explain technical security concepts clearly to both technical and non-technical audiences.
• Ability to work collaboratively in high-pressure situations and adapt to rapidly evolving threats.

Preferred Qualifications

• Cloud security expertise in AWS (Security Hub, GuardDuty), Azure (Defender, Sentinel), or GCP (Security Command Center).
• Experience with advanced automation/orchestration tools such as Terraform, Ansible, or Red Hat Ansible Automation.
• Familiarity with Zero Trust networking models, microsegmentation strategies, and SASE frameworks.
• Hands-on experience with forensic tools (FTK, EnCase, Volatility) or advanced packet analysis methods.
• Strong background in creating and managing incident response playbooks and operational runbooks.
• Prior experience building or enhancing SOC/NOSC environments and defining operational workflows.
• Additional certifications that would be advantageous:
• CISSP (Certified Information Systems Security Professional)
• CCNP Security / Enterprise
• Splunk Certified Power User or Admin
• GIAC certifications (GSEC, GCIA, GCIH, GCFA)
• PCNSE (Palo Alto Networks Certified Network Security Engineer)
• VMware VCP-NV (for network virtualization)
• Terraform Associate or other infrastructure-as-code certifications