SOC Engineer
Build and operate the detection, response, and tooling that support IdentityLogic's managed services and client SOC engagements. Identity-focused detection is at the core of the role: SIEM content, SOAR playbooks, and IAM telemetry integration.
What you'll do
- Build and tune SIEM detection content (Splunk, Sentinel, QRadar) with a focus on identity-aware detections
- Develop SOAR playbooks (XSOAR, Tines, Sentinel Logic Apps) for triage and response automation
- Triage and respond to identity-related alerts: anomalous logins, MFA bypass attempts, privilege escalation
- Integrate IAM platforms (SailPoint, Okta, CyberArk, Entra ID) with the SOC tooling stack for telemetry and response
- Run incident triage; document timelines; partner with client incident response teams
- Maintain on-call rotation for managed clients
What we need from you
- 4+ years of SOC engineering or detection engineering experience
- Hands-on with at least one major SIEM and one SOAR platform
- Working knowledge of identity attack patterns and IAM telemetry sources
- Strong scripting (Python, PowerShell) for detection and automation
- Familiarity with MITRE ATT&CK and detection engineering best practices
- US-based with unrestricted work authorization
Bonus, not required
- GCIA, GCFA, GCIH, or equivalent SANS certification
- Prior detection engineering experience with identity-focused content (Kerberoasting, OAuth abuse, MFA fatigue)
- Experience with KQL, SPL, or equivalent SIEM query languages
What you'll get
Competitive base plus utilization and on-call premium. Paid certifications and conference sponsorship.