Job Description
Interested in applying for this opportunity Contact Clint Lester with Saige Partners at
Job Description: SOC Operations Engineer
Job Location: Onsite in Davenport IA
Position Summary
The SOC Operations Engineer is responsible for day-to-day security operations within external customer environments. This role handles security-driven tickets, performs initial investigation and validation, and executes approved response actions following documented procedures. The SOC Operations Engineer also performs routine operational maintenance on security products to ensure they remain healthy, effective, and aligned with standards. The SOC Operations Engineer is additionally responsible for supporting ongoing vulnerability management activities across managed customer environments. This focuses on identifying, validating, tracking, and executing remediation of security weaknesses in a customer environment in a structured and repeatable manner using our toolsets. This role is for someone who thrives on investigation and decisive response. The SOC Operations Engineer builds expertise by owning security cases end-to-end within scope, executing proven playbooks, and collaborating closely with the Security Engineer on higher-complexity events.
Escalation Path: Security Engineer (as required)
Key Responsibilities
Security Ticket Triage and Response (Primary Responsibility)
- Own security-related tickets from creation through resolution within defined scope.
- Review alerts and cases, validate whether activity is benign or suspicious, and determine customer impact.
- Perform initial investigation using available telemetry and platform data to establish what happened and what systems or identities are involved.
- Execute approved response actions using documented runbooks (for example: isolate endpoint, disable account, block indicator, initiate scan, collect artifacts) when authorized and appropriate.
- Maintain situational awareness during active incidents and keep ticket timelines accurate and current.
- Monitor vulnerability scanning platforms and reports to identify new, recurring, or critical vulnerabilities.
- Validate scan results across all managed assets and prioritize by severity, exposure, and relevance.
- Apply documented prioritization criteria to determine remediation urgency.
Escalation and Collaboration
- Escalate to the Security Engineer when incidents exceed defined scope, require advanced analysis, involve high business impact, or indicate coordinated or ongoing threat activity.
- Provide high-quality handoffs including: what was observed, what was validated, actions taken, evidence collected, and recommended next steps.
- Escalate to a Team Lead for customer communication, dispatch coordination, and onsite actions when needed.
- Collaborate with NOC and Maintenance roles when incidents intersect with outages, backups, patching, identity access, or broader operational issues.
- Coordinate with internal teams and customers to support vulnerability remediation.
- Track progress and validate vulnerability remediations.
- Identify remediation issues and escalate to appropriate parties.
Security Product Operations and Routine Maintenance
- Perform routine operational checks of security platforms to ensure agents, connectors, sensors, and integrations are healthy and reporting.
- Maintain baseline operational readiness for security platforms including verifying critical coverage and reporting on gaps.
- Support routine tuning work by documenting noise patterns and proposing improvements to the Security Engineer.
Documentation and Process Adherence
- Document all investigative steps, findings, evidence, and actions taken in the ticketing system using established standards.
- Follow incident handling procedures, escalation criteria, and change management requirements when executing response actions.
- Maintain and improve SOC runbooks and quick-reference procedures for common alert types, recurring event patterns, and remediations.
- Contribute to consistent, repeatable security operations across customer environments.
Professional Development Expectations
- Build proficiency in tool usage, investigation workflow, and incident response fundamentals.
- Participate in structured training, tabletop exercises, and after-action reviews to improve decision-making and consistency.
- Develop the ability to recognize when to act, when to escalate, and when to stop and gather more evidence.
Key Performance Goals
- Time to Triage: Actionable security tickets are validated and updated promptly during business hours.
- Escalation Quality: Escalations include sufficient context and evidence to allow rapid Security Engineer action without rework.
- Operational Hygiene: Routine checks identify coverage gaps and tool health issues before they become customer-impacting failures.
- Repeat Alert Reduction: Recurring noise patterns are consistently identified and documented for tuning and improvement.
- Process Compliance: Response actions follow approved procedures with reliable documentation and clear timelines.
- Remediation Mindset: Identified vulnerabilities from approved scanning sources are reviewed, validated, and logged within defined service timelines.
Minimum Qualifications
- 1 year in IT operations, IT service delivery, or a security-adjacent technical role.
- Familiarity with endpoint protection concepts, identity fundamentals, and common security alert categories.
- Strong troubleshooting ability and a disciplined approach to evidence gathering and validation.
- Strong written communication skills in a ticketing system.
- Ability to learn quickly and follow procedures consistently under pressure.
Preferred Qualifications
- Prior experience with SOC workflows, ticket-driven triage, or incident response processes.
- Familiarity with common security tooling categories (EDR, SIEM, MDR, email security, DNS filtering, MFA, Vulnerability Management).
- Basic scripting skills (PowerShell and/or Python) to support repeatable operations and evidence collection.
- Certifications such as Security+, Microsoft fundamentals, or equivalent experience.
Required Experience: IC