SOC Engineer
Location: Remote (DC Area Preferred - Quarterly onsite meetings required)
Contract Position
Clearance Required: Public Trust
About Our Client
Our client is a mission-driven organization operating within the federal space, committed to protecting critical infrastructure and maintaining robust cybersecurity operations. They provide essential services that support national security objectives and operate across multiple locations with a strong presence in the DC metropolitan area. The organization values innovation, collaboration, and continuous improvement in cybersecurity practices, adhering to federal compliance standards and industry best practices. Their team of cybersecurity professionals works to defend against evolving threats while maintaining operational excellence and supporting critical government missions.
Job Description
This SOC Engineer position is a critical role focused on engineering and optimizing Security Operations Center (SOC) capabilities, with primary responsibility for data feed solutions, SOAR implementation, and ensuring the health and effectiveness of security monitoring infrastructure. The ideal candidate will work at the intersection of engineering and operations, building automation solutions that enhance SOC efficiency while maintaining comprehensive threat detection coverage.
In this role, you'll be responsible for maintaining and advancing a Microsoft Sentinel SIEM/SOAR environment, integrating diverse data sources, and developing automation workflows that streamline incident response. You'll collaborate closely with cross-functional teams including network, endpoint, cloud, and IT operations to ensure comprehensive security visibility. Your work will directly impact the organization's ability to detect, respond to, and mitigate cybersecurity threats in real time.
Additionally, you'll serve as the backup SOC Lead, stepping in to oversee operations, manage critical escalations, and provide situational updates to senior leadership during incidents when the primary lead is unavailable. The ideal candidate is passionate about cybersecurity engineering, automation, and building scalable solutions that improve security outcomes in complex, compliance-driven environments.
Duties and Responsibilities
- Maintain and optimize Microsoft Sentinel SIEM/SOAR solution in alignment with client requirements, industry best practices, and federal compliance mandates.
- Configure and manage log and data feeds from diverse sources including Fluent Bit, Windows Events, M365, cloud services, and endpoint/security platforms.
- Develop and refine log parsing rules using Regex, DCRs, and custom transformations to ensure accurate data normalization in Sentinel.
- Engineer automation and orchestration solutions using Microsoft Logic Apps, Azure Functions, and PowerShell/Python scripts to improve SOC efficiency.
- Build, tune, and optimize analytic rules, UEBA, dashboards, and reports to improve threat detection and response coverage.
- Partner with cross-functional teams to integrate new data sources and deliver actionable SOC capabilities.
- Develop and maintain clear documentation of SOC architecture, log source onboarding processes, and automation playbooks.
- Provide training and knowledge transfer to SOC analysts on new tools, processes, and detection capabilities.
- Conduct gap analyses of existing SOC capabilities and recommend improvements to enhance process maturity.
- Provide Tier 3 incident response support and assist with complex security investigations.
- Serve as backup SOC Lead, overseeing operations and managing escalations during critical incidents when the primary lead is unavailable.
Required Experience/Skills
- U.S. citizen with the ability to obtain Public Trust clearance.
- 2–5 years of experience in network defense, SOC engineering, or cybersecurity operations.
- Hands-on experience with Microsoft Sentinel, including log onboarding, rule development, and automation implementation.
- Proficiency with log parsing and normalization techniques using Regex, Fluent Bit, DCRs, and KQL.
- Strong scripting skills in PowerShell and/or Python for automation and data handling.
- Experience configuring and maintaining data feeds for SOC visibility across cloud, endpoint, network, and on-premises environments.
- Familiarity with incident response concepts, threat detection engineering, and SOAR workflows.
- Excellent written and verbal communication skills with the ability to collaborate across technical and non-technical teams.
- Strong understanding of cybersecurity fundamentals including network security, SIEM operations, incident response, and threat detection.
Nice-to-Haves
- Knowledge of federal cybersecurity mandates such as M-21-31, NIST Cybersecurity Framework, CISA Incident/Vulnerability Playbooks, and BOD 22-01.
- Experience with Microsoft Logic Apps, Azure Functions, or other SOAR development platforms.
- Experience configuring UEBA to enhance anomaly detection capabilities.
- Background in AI/ML frameworks for cyber analytics.
- Experience building SOC metrics, dashboards, and reporting solutions for operational visibility.
- Familiarity with M365, Azure security tools, ServiceNow workflows, and CISA CDM tools.
- Relevant certifications such as CISSP, CISM, Microsoft Security Operations Analyst (SC-200), or Azure Security Engineer (AZ-500).
Education
- Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).
- 5+ years of progressive cybersecurity/SOC experience in both engineering and operations roles.
Pay & Benefits Summary
Up to $63/hr W2
Call-to-Action
Ready to make an impact in federal cybersecurity? Apply today!
Submit your application to join a mission-focused team dedicated to protecting critical infrastructure and advancing SOC capabilities.