[Remote] SOC Engineer--REMOTE/ Washington, DC
Note: The job is a remote job and is open to candidates in USA. Dice is the leading career destination for tech experts at every stage of their careers. Our client, Protos IT, is seeking a SOC Engineer to focus on engineering SOC data feed solutions, implementing SOAR capabilities, and ensuring feed health through cross-team collaboration.
Responsibilities
• Microsoft Sentinel Engineering: Maintain and optimize a Microsoft Sentinel SIEM/SOAR solution in alignment with client requirements, industry best practices, and federal compliance mandates.
• Data Integration: Configure and manage log/data feeds from diverse sources (e.g., Fluent Bit, Windows Events, M365, cloud services, endpoint/security platforms).
• Parsing & Normalization: Develop and refine log parsing rules using Regex, DCRs, and custom transformations to ensure accurate and usable data in Sentinel.
• SOAR Development: Engineer automation and orchestration solutions using Microsoft Logic Apps, Azure Functions, and PowerShell/Python scripts to improve SOC efficiency and incident response.
• Threat Detection Engineering: Build, tune, and optimize analytic rules, UEBA, dashboards, and reports to improve detection and response coverage.
• Collaboration: Partner with cross-functional teams (network, endpoint, cloud, IT ops) to integrate new data sources and deliver actionable SOC capabilities.
• Documentation & Knowledge Transfer: Develop and maintain clear documentation of SOC architecture, log source onboarding, and automation playbooks; provide training for SOC analysts on new tools and processes.
• Advisory & Improvement: Conduct gap analyses of existing SOC capabilities, recommend improvements, and contribute to SOC process maturity.
• Incident Response Support: Provide Tier 3 support and assist with complex investigations when required.
Skills
• 2-5 years of experience in network defense, SOC engineering, or cybersecurity operations.
• Hands-on experience with Microsoft Sentinel, including log onboarding, rule development, and automation.
• Proficiency with log parsing and normalization (Regex, Fluent Bit, DCRs, KQL).
• Strong scripting skills in PowerShell and/or Python for automation and data handling.
• Experience configuring and maintaining data feeds for SOC visibility (cloud, endpoint, network, and on-prem).
• Familiarity with incident response concepts, threat detection engineering, and SOAR workflows.
• Excellent written and verbal communication skills with ability to work across technical and non-technical teams.
• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).
• 5+ years of progressive cybersecurity/SOC experience (engineering and operations).
• Knowledge of federal cybersecurity mandates (M-21-31, NIST Cybersecurity Framework, CISA Incident/Vulnerability Playbooks, BOD 22-01).
• Experience with Microsoft Logic Apps, Azure Functions, or other SOAR development platforms.
• Experience with UEBA configuration to enhance anomaly detection.
• Background in AI/ML frameworks for cyber analytics.
• Experience building SOC metrics, dashboards, and reporting for operational visibility.
• Familiarity with M365, Azure security tools, ServiceNow workflows, and CISA CDM tools.
• Relevant certifications such as CISSP, CISM, Microsoft Security Operations Analyst (SC-200), or Azure Security Engineer (AZ-500).
Company Overview
• Welcome to Jobs via Dice, the go-to destination for discovering the tech jobs you want. Its website is https://www.dice.com.