Job Details

We are seeking a skilled and proactive Cyber Security Engineer (L2) with 5–7 years of hands-on experience in cybersecurity operations, monitoring, incident response, and security engineering. The ideal candidate will play a key role in identifying, analyzing, and mitigating security threats while supporting and improving the organization’s overall security posture.

Responsibilities
  • Monitor, analyze, and respond to security alerts and incidents escalated from L1 teams.
  • Perform in-depth investigation of security incidents, including malware infections, phishing attacks, data breaches, and unauthorized access attempts.
  • Conduct root cause analysis and recommend corrective and preventive actions.
  • Configure, manage, and fine-tune security tools such as SIEM, EDR/XDR, IDS/IPS, DLP, WAF, and vulnerability management tools.
  • Perform vulnerability assessments and support remediation efforts in coordination with IT and application teams.
  • Develop, update, and maintain incident response playbooks, standard operating procedures (SOPs), and security documentation.
  • Support threat hunting activities by analyzing logs, network traffic, and endpoint behavior.
  • Assist in security audits, risk assessments, and compliance activities (ISO 27001, SOC 2, PCI DSS, etc.).
  • Collaborate with cross-functional teams to implement security controls and best practices.
  • Provide guidance and mentoring to L1 security analysts.
  • Stay current with emerging threats, vulnerabilities, and industry trends.



Requirements
  • 5–7 years of experience in cybersecurity operations, SOC, or security engineering roles.
  • Strong knowledge of security concepts including network security, endpoint security, IAM, encryption, and secure architectures.
  • Hands-on experience with SIEM platforms (e.g., Splunk, QRadar, Sentinel, ArcSight).
  • Experience with endpoint security tools (EDR/XDR) and network security solutions (firewalls, IDS/IPS, VPNs).
  • Solid understanding of operating systems (Windows, Linux) and networking fundamentals (TCP/IP, DNS, HTTP/S).
  • Experience in incident response, log analysis, and threat investigation.
  • Familiarity with vulnerability scanning tools (Nessus, Qualys, Rapid7) and remediation processes.
  • Knowledge of common attack frameworks such as MITRE ATT&CK.
  • Good scripting knowledge (Python, PowerShell, or Bash) is an added advantage.

Preferred Certifications
  • CEH, Security+, CySA+, or equivalent
  • CISSP (preferred but not mandatory)
  • GIAC certifications (GCIH, GCED, GCIA) – added advantage


