About Rhodian GroupRhodian Group helps businesses build and manage their network environments with predictably priced managed IT services so they can focus on their core strengths and growth initiatives. They also help businesses identify and reduce cybersecurity and non-compliance risks. Their combination of IT, cybersecurity, and compliance services helps businesses operate safely, while complying with industry mandates and regulatory requirements.Role OverviewThe Cybersecurity Level 2 Engineer plays a critical role in the Security Operations Center (SOC), responsible for monitoring, investigating, and responding to security alerts and incidents across client or enterprise environments. This role requires hands-on experience with SIEM platforms, endpoint security tools, and incident response processes, with the ability to escalate and remediate threats effectively.Key ResponsibilitiesMonitor and triage security alerts generated by SIEM, EDR, and security monitoring toolsInvestigate security incidents including phishing, malware, endpoint compromise, and unauthorized accessPerform root-cause analysis and document incident findings and remediation actionsTune SIEM detection rules, alerts, and dashboards to reduce false positives and improve fidelityConduct threat hunting activities using logs from endpoints, networks, cloud platforms, and identity providersRespond to security incidents in accordance with established incident response playbooks and SLAsEscalate complex or high-risk incidents to Level 3 or Incident Response teams with detailed context and evidenceAssist with vulnerability management findings and validation of remediationSupport log ingestion, parsing, normalization, and retention requirements for SIEM platformsMaintain accurate case notes, incident reports, and security documentationCollaborate with IT, engineering, and security teams to improve overall security postureRequired Qualifications2+ years of hands-on experience in a SOC, cybersecurity, or security operations rolePractical experience working with SIEM platforms (Splunk, Microsoft Sentinel, LogRhythm, QRadar, Elastic)Experience analyzing logs from endpoints, firewalls, IDS/IPS, cloud, and identity systemsFamiliarity with EDR tools (CrowdStrike, SentinelOne, Microsoft Defender, Datto EDR)Understanding of the incident response lifecycle and security alert triageWorking knowledge of common attack techniques and indicators of compromise (IOCs)Experience with the MITRE ATT&CK frameworkStrong documentation and communication skillsPreferred QualificationsExperience in an MSP or multi-tenant SOC environmentFamiliarity with SOAR tools and automation workflowsExposure to cloud security logging (Azure, AWS, Microsoft 365)Experience with vulnerability scanning tools (Qualys, Nessus, Rapid7)Basic scripting or query experience (KQL, SPL, SQL, PowerShell, Python)Relevant certifications: Security+, CySA+, SC-200, Splunk Core Certified UserWhat Success Looks LikeSecurity alerts are investigated accurately and efficientlyIncidents are escalated with high-quality analysis and evidenceSIEM detections improve over time through tuning and feedbackThreats are identified early, contained effectively, and documented clearlyStrong collaboration with SOC peers and senior security engineers