Monitor, triage, and investigate security alerts from SIEM/EDR; perform incident response, root-cause analysis, threat hunting, SIEM tuning, documentation, and escalate complex incidents to senior teams.
About Rhodian Group
Rhodian Group helps businesses build and manage their network environments with predictably priced managed IT services so they can focus on their core strengths and growth initiatives. They also help businesses identify and reduce cybersecurity and non-compliance risks. Their combination of IT, cybersecurity, and compliance services helps businesses operate safely, while complying with industry mandates and regulatory requirements.
Role Overview
The Cybersecurity Level 2 Engineer plays a critical role in the Security Operations Center (SOC), responsible for monitoring, investigating, and responding to security alerts and incidents across client or enterprise environments. This role requires hands-on experience with SIEM platforms, endpoint security tools, and incident response processes, with the ability to escalate and remediate threats effectively.
Key Responsibilities
- Monitor and triage security alerts generated by SIEM, EDR, and security monitoring tools
- Investigate security incidents including phishing, malware, endpoint compromise, and unauthorized access
- Perform root-cause analysis and document incident findings and remediation actions
- Tune SIEM detection rules, alerts, and dashboards to reduce false positives and improve fidelity
- Conduct threat hunting activities using logs from endpoints, networks, cloud platforms, and identity providers
- Respond to security incidents in accordance with established incident response playbooks and SLAs
- Escalate complex or high-risk incidents to Level 3 or Incident Response teams with detailed context and evidence
- Assist with vulnerability management findings and validation of remediation
- Support log ingestion, parsing, normalization, and retention requirements for SIEM platforms
- Maintain accurate case notes, incident reports, and security documentation
- Collaborate with IT, engineering, and security teams to improve overall security posture
Required Qualifications
- 2+ years of hands-on experience in a SOC, cybersecurity, or security operations role
- Practical experience working with SIEM platforms (Splunk, Microsoft Sentinel, LogRhythm, QRadar, Elastic)
- Experience analyzing logs from endpoints, firewalls, IDS/IPS, cloud, and identity systems
- Familiarity with EDR tools (CrowdStrike, SentinelOne, Microsoft Defender, Datto EDR)
- Understanding of the incident response lifecycle and security alert triage
- Working knowledge of common attack techniques and indicators of compromise (IOCs)
- Experience with the MITRE ATT&CK framework
- Strong documentation and communication skills
Preferred Qualifications
- Experience in an MSP or multi-tenant SOC environment
- Familiarity with SOAR tools and automation workflows
- Exposure to cloud security logging (Azure, AWS, Microsoft 365)
- Experience with vulnerability scanning tools (Qualys, Nessus, Rapid7)
- Basic scripting or query experience (KQL, SPL, SQL, PowerShell, Python)
- Relevant certifications: Security+, CySA+, SC-200, Splunk Core Certified User
What Success Looks Like
- Security alerts are investigated accurately and efficiently
- Incidents are escalated with high-quality analysis and evidence
- SIEM detections improve over time through tuning and feedback
- Threats are identified early, contained effectively, and documented clearly
- Strong collaboration with SOC peers and senior security engineers
Similar Jobs
Insurance • Software
The Senior Cybersecurity Engineer will enhance security across cloud infrastructure, manage security tooling, and support compliance efforts while collaborating with various teams to protect sensitive financial data.
Top Skills:
AWSAzureCentralized LoggingCspmEdrGCPIamSIEMXdr
Artificial Intelligence • Information Technology • Machine Learning • Marketing Tech • Software • Biotech • Design
The Senior Cybersecurity Engineer will enhance security engineering by conducting assessments, designing proactive solutions, and automating tasks, while collaborating with teams to protect data and systems.
Top Skills:
Ai AgentsAWSAzureGCPLlm-Based SolutionsPythonTypescript
Information Technology • Consulting
Lead Cybersecurity Engineer responsible for developing threat detection capabilities, automating incident responses, and collaborating with clients to strengthen cybersecurity posture using advanced technologies.
Top Skills:
SparkEdrNdrPythonSIEMSoarSQL
What you need to know about the NYC Tech Scene
As the undisputed financial capital of the world, New York City is an epicenter of startup funding activity. The city has a thriving fintech scene and is a major player in verticals ranging from AI to biotech, cybersecurity and digital media. It also has universities like NYU, Columbia and Cornell Tech attracting students and researchers from across the globe, providing the ecosystem with a constant influx of world-class talent. And its East Coast location and three international airports make it a perfect spot for European companies establishing a foothold in the United States.
Key Facts About NYC Tech
- Number of Tech Workers: 549,200; 6% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Capgemini, Bloomberg, IBM, Spotify
- Key Industries: Artificial intelligence, Fintech
- Funding Landscape: $25.5 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Greycroft, Thrive Capital, Union Square Ventures, FirstMark Capital, Tiger Global Management, Tribeca Venture Partners, Insight Partners, Two Sigma Ventures
- Research Centers and Universities: Columbia University, New York University, Fordham University, CUNY, AI Now Institute, Flatiron Institute, C.N. Yang Institute for Theoretical Physics, NASA Space Radiation Laboratory
