SOC L2/L3 Engineer
Remote · Warsaw, Mazovia, Poland or Kyiv, Kyiv City, Ukraine
Job Summary
SOC L2/L3 Engineer responsible for building and operationalizing the SIEM from PoC to production, designing and tuning detection rules mapped to MITRE ATT&CK, triaging L2/L3 alerts, leading incident response and basic forensics, onboarding log sources (AWS, JumpCloud, Google Workspace, CDE, SWIFT), conducting threat hunts, and developing runbooks and automation via SOAR or scripting. Role emphasizes defining SOC metrics, monthly management reporting, and ownership of the detection stack in a fintech-like payments environment. Ideal candidate has hands-on SIEM experience, detection engineering skills, cloud log proficiency, scripting ability, threat understanding, and disciplined investigation practices.
Required Qualifications
- 3+ years in SOC / Detection & Response at L2/L3 level
- hands-on investigation experience
- experience building or operating a SIEM
- writing and tuning detection rules
- MITRE ATT&CK mapping
- cloud log sources (AWS CloudTrail, GuardDuty, Google Workspace, EDR/XDR)
- Python or similar scripting for telemetry processing