SOC Engineer L2 - Tietoevry Create (m/f/d)

Bengaluru, India

  1. Full-time
  2. Technical and Functional Expertise
  3. Hybrid
  4. Tietoevry Create
Job Description

About the Role: We are seeking a highly skilled and motivated L2 SOC Engineer with 4-6 years of experience in implementing, maintaining, and troubleshooting security solutions. The ideal candidate will have deep hands-on expertise with IBM QRadar and/or Microsoft Sentinel SIEM platforms. You will play a crucial role in integrating, monitoring, and analyzing security tools and incidents, and in contributing to the continuous improvement of our security posture.

Key Responsibilities:

  • SIEM Administration & Optimization:
    • Support the administration, maintenance, and health monitoring of the SIEM platform (QRadar or Microsoft Sentinel).
    • Log source integration and parsing.
    • Assist with log source onboarding, parser development, and data normalization within the SIEM.
    • Contribute to the continuous improvement of SOC processes, playbooks, and standard operating procedures (SOPs).
  • Security Monitoring & Incident Response:
    • Conduct thorough investigations to determine the scope, root cause, and impact of security incidents (e.g., malware infections, phishing attempts, unauthorized access, denial-of-service attacks).
    • Execute incident response procedures, including containment, eradication, and recovery, in accordance with established playbooks and industry best practices (e.g., NIST, MITRE ATT&CK).
    • Document all incident details, analysis findings, and remediation steps accurately and comprehensively in the incident management system.
    • Collaborate with cross-functional teams (IT operations, network, application development) to facilitate incident resolution and implement corrective actions.
    • Participate in on-call rotation as required to ensure 24/7 security coverage.

Required Skills and Qualifications:

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • 4-6 years of hands-on experience in a Security Operations Center (SOC) environment.
  • Strong expertise with either IBM QRadar or Microsoft Sentinel, including:
    • In-depth knowledge of SIEM components and how they work.
    • Good troubleshooting skills.
    • In-depth knowledge of log source integration troubleshooting.
    • Experience in developing and optimizing correlation rules, use cases, and dashboards.
    • Familiarity with log source integration and data ingestion.
    • (For QRadar): Experience with QRadar AQL (Ariel Query Language) and building blocks.
    • (For Sentinel): Proficiency with KQL (Kusto Query Language) and Azure security services (Azure AD, Azure Security Center, Azure Log Analytics).
  • Strong knowledge of network protocols (TCP/IP, HTTP, DNS, SMTP, etc.) and network security concepts (firewalls, IDS/IPS, VPNs).
  • Proficiency in analyzing logs from various sources (Windows Event Logs, Linux logs, firewall logs, web server logs, cloud logs).
  • Familiarity with scripting languages (e.g., Python, PowerShell) for automation and data analysis is a plus.
  • Excellent analytical, problem-solving, and critical thinking skills.
  • Strong written and verbal communication skills, with the ability to articulate technical issues to both technical and non-technical audiences.
  • Ability to work effectively both independently and as part of a team in a fast-paced environment.

Preferred Certifications (one or more highly desirable):

  • Microsoft Certified: Azure Security Engineer Associate (for Sentinel focus)
  • IBM Certified Analyst - Security QRadar SIEM

Additional Information

At Tietoevry, we believe in the power of diversity, equity, and inclusion. We encourage applicants of all backgrounds, genders (m/f/d), and walks of life to join our team, as we believe that this fosters an inspiring workplace and fuels innovation. Our commitment to openness, trust, and diversity is at the heart of our mission to create digital futures that benefit businesses, societies, and humanity.

Diversity, equity and inclusion (tietoevry.com)

Company description

Tietoevry is a leading software and digital engineering services company with global market reach and capabilities. We provide customers across different industries with mission-critical solutions through our specialized software businesses Tietoevry Care, Tietoevry Banking and Tietoevry Industry, as well as our digital engineering business Tietoevry Create.*

Our 16 000 talented vertical software, design, cloud and AI experts are dedicated to empowering our customers to succeed and innovate with the latest technology.*

  • Tietoevry Tech Services is excluded due to the divestment signed in March 2025. The transaction is expected to close during Q3 2025.

Our hiring process

Discover and apply

Found the job you came for? Great! Apply now and we’ll get in touch soon! Didn’t find what you were looking for? Keep yourself updated by signing up to our talent community or reach out to us!

Please note: To ensure a smooth and efficient hiring experience for all, we do not accept CVs via email or the "contact us" form. All applications must be submitted through our recruitment portal, where they are securely stored and professionally processed.