SOC Engineer
Job Summary
About Mobiz
Mobiz is a global technology services leader and Microsoft-aligned managed services and cloud solutions provider, empowering mid-market and enterprise organizations across North America and the Middle East. We deliver end-to-end IT operations, Modern Work and Security, Data and AI, cybersecurity, infrastructure and digital transformation services, driving resilience, innovation and measurable business impact at scale.
With a Solutions Partner designation and active pursuit of Azure Expert MSP status, Mobiz combines the agility of a boutique consultancy with the delivery rigor of a tier-1 NOC and SOC. These teams operate as the always-on backbone of client environments, monitoring thousands of endpoints, network nodes and cloud workloads around the clock.
What Can You Expect
Every day at Mobiz we work with a deep sense of purpose. We continuously innovate. Our mission is to empower our clients to do more through transformation. You'll work in a collaborative environment alongside highly talented people who improve client operations and exceed expectations. We strive to simplify technology challenges, and no less.
Who Are We Looking For
The SOC Engineer is a mid-level security operations practitioner on Mobiz's 24/7 Security Operations Center team, responsible for monitoring, investigating and responding to security threats across a portfolio of managed client environments. This role goes beyond alert acknowledgement: SOC Engineers are expected to own the investigation lifecycle for assigned cases, apply structured analytical thinking to determine threat validity and scope, execute response actions per defined playbooks, and document findings to an evidentiary standard. Working under the direction of the SOC Manager, this engineer interfaces directly with Microsoft Sentinel, Defender XDR and endpoint detection tools daily, and will participate in real-world incident response engagements, including ransomware, BEC and identity compromise, giving mid-career security professionals hands-on experience that would typically require years in a larger enterprise SOC.
Key Responsibilities
Alert Triage & Investigation
- Monitor client security environments across SIEM, EDR, email security and identity platforms throughout the assigned shift using Microsoft Sentinel and Defender XDR dashboards.
- Acknowledge, assess and prioritize incoming security alerts within defined SLA windows; distinguish true positives from false positives using a structured triage methodology.
- Conduct end-to-end investigation of assigned incidents, correlating signals across log sources, mapping observed behavior to MITRE ATT&CK tactics and techniques, and determining blast radius.
- Execute containment and remediation actions per approved playbooks: host isolation, account disablement, token revocation, firewall rule deployment and email quarantine.
- Escalate confirmed P1 security incidents to the SOC Manager with a complete investigation package: timeline, affected assets, indicators of compromise (IOCs) and recommended next steps.
- Create and maintain accurate, well-structured ServiceNow security incident records throughout the investigation lifecycle.
Threat Detection & Analysis
- Perform log-based analysis using KQL across Microsoft Sentinel workspaces, querying identity, network, endpoint and cloud audit logs to surface attacker behavior.
- Analyze alerts from Microsoft Defender for Endpoint (MDE), Defender for Identity (MDI), Defender for Office 365 (MDO) and Defender for Cloud Apps (MDCA) for threat validity and lateral movement indicators.
- Review and triage identity-based alert patterns: unusual sign-in activity, MFA bypass attempts, Entra ID risky sign-ins, Conditional Access failures and service principal anomalies.
- Investigate email-based threats: phishing, BEC indicators, malicious attachment analysis and spoofing pattern review within Defender for Office 365 and message trace.
- Support proactive threat hunting operations directed by the SOC Manager: execute defined hunt hypotheses, document findings and flag patterns for detection rule development.
Incident Response Support
- Participate in P1 incident response bridge calls as a technical contributor, providing investigation findings, asset context and real-time log analysis to the incident commander.
- Execute host-level response actions via MDE or CrowdStrike: live response sessions, memory artifact collection, process termination and network isolation.
- Assist with identity containment actions during active incidents: account disablement, session revocation in Entra ID, PIM role removal and OAuth token invalidation.
- Support evidence collection and chain-of-custody documentation for incidents involving legal, insurance or regulatory stakeholders.
- Contribute to post-incident review (PIR) documentation, providing accurate technical timelines, IOC lists and attack path reconstruction to support the SOC Manager's PIR output.
Detection & Playbook Quality
- Review assigned detection rules in Microsoft Sentinel for tuning opportunities: identify false-positive sources, propose threshold adjustments and validate changes in a test environment.
- Execute and follow SOC playbooks precisely; flag procedural gaps, ambiguous steps or missing runbook coverage to the SOC Manager for revision.
- Author knowledge base articles and investigation notes in ServiceNow following resolution of novel or complex incidents to support team learning.
- Maintain IOC lists, watchlists and threat actor TTP notes within Sentinel and the team's threat intelligence repository.
- Stay current on emerging threats, CVEs and attacker techniques relevant to the Microsoft cloud and hybrid environments Mobiz clients operate in.
Client & Operational Communication
- Provide clear, professional incident status updates to the SOC Manager and, where directed, to client IT contacts during active security events.
- Contribute data and investigation summaries to monthly Security Operations Reports (SORs) as requested by the SOC Manager.
- Coordinate with the NOC team on shared alert queues, route infrastructure-layer events correctly, and maintain clear escalation boundaries between NOC and SOC functions.
- Participate in shift handovers with complete operational context: open cases, active hunts, suppressed alerts and any client-specific situational awareness.
Candidate Profile: Requirements & Preferred Qualifications
Required Qualifications
- Bachelor's degree in IT, Computer Science or a relevant field.
- 3-5 years of information security experience with direct SOC, MSSP or security operations responsibilities.
- Hands-on experience with Microsoft Sentinel: KQL query writing for investigation (rule authoring not required), alert review, incident management and workbook consumption.
- Working knowledge of the Microsoft Defender XDR suite: at minimum Defender for Endpoint (MDE) and Defender for Office 365 (MDO) for daily triage and response.
- Solid understanding of identity-based attack patterns: credential theft, Pass-the-Hash, MFA fatigue, Entra ID risky sign-ins and OAuth application abuse.
- Familiarity with the MITRE ATT&CK framework; ability to map observed alert activity to tactics and techniques without reference documentation.
- Experience writing and closing structured security incident records in ServiceNow or an equivalent ITSM platform.
- Demonstrated ability to independently triage and investigate P2-level security incidents with defensible documentation.
- Strong written communication, able to produce clear incident timelines, executive-facing summaries and technical IOC reports.
Preferred Qualifications
- Microsoft SC-200 (Security Operations Analyst) certification, or actively pursuing it.
- Additional Microsoft certifications: SC-300 (Identity & Access Administrator), AZ-500 (Azure Security Engineer).
- CompTIA CySA+ or GIAC certifications (GCIA, GCIH), or an equivalent vendor-neutral security operations credential.
- Experience with CrowdStrike Falcon EDR: alert triage, threat graph review and basic response actions.
- Exposure to SOAR tooling: Azure Logic Apps playbooks, Sentinel automation rules or equivalent.
- Basic scripting skills: KQL (intermediate), PowerShell or Python for log parsing, enrichment and response automation.
- Familiarity with email forensics: header analysis, attachment detonation and phishing kit identification.
- Exposure to network security monitoring: firewall log analysis (Palo Alto, Fortinet), NetFlow review or IDS/IPS alert triage.
Core Technical Skill Set
- SIEM: Microsoft Sentinel (analytics rules, incidents, workbooks, hunting, SOAR playbooks)
- EDR / XDR: Microsoft Defender for Endpoint, CrowdStrike Falcon (client-dependent)
- Email & Collaboration Security: Defender for Office 365 (MDO), message trace, attack simulation
- Identity Security: Defender for Identity (MDI), Microsoft Entra ID, PIM, Conditional Access, risky sign-in review
- Cloud Security: Defender for Cloud Apps (MDCA), Defender for Cloud, Azure Security Center
- ITSM: ServiceNow (Security Incidents, Cases, Knowledge, Timecards)
- Network Security: Palo Alto Panorama, Fortinet FortiManager, WatchGuard (log triage and firewall rule review)
- Threat Intelligence: Microsoft Threat Intelligence, ISAC feeds, vendor CVE advisories
- Automation: Azure Logic Apps, Sentinel automation rules, PowerShell
- Productivity: Microsoft 365 (Teams, Outlook, SharePoint, OneNote)
Core Competencies (Power Skills)
- Critical Thinking & Threat Analysis
- Incident Response & Decision Making
- Problem Solving & Root Cause Analysis
- Communication & Technical Reporting
- Attention to Detail
- Ownership & Accountability
- Time & Priority Management
- Adaptability in High-Pressure Environments
- Collaboration & Cross-Functional Coordination
- Analytical Thinking & Investigation Skills
What We Offer
- A team of bright, hard-working and innovative people who will contribute to your growth.
- Competitive salary and a comprehensive benefits plan.
- A dynamic and collaborative work environment with the opportunity to work with cutting-edge technology and innovative solutions.
Other
This is a full-time, on-site position based in Karachi, Pakistan.
Equal Opportunity & Diversity Commitment
At Mobiz we believe that diverse perspectives, experiences and backgrounds strengthen our organization and drive innovation. We are committed to fostering an inclusive workplace where all employees are valued, respected and empowered to succeed. As an equal opportunity employer, we make employment decisions based on qualifications, merit and business needs, without regard to race, gender, age, religion, disability, national origin or any other protected characteristic.
What Happens Next
Thank you for your interest in becoming part of Mobiz. We are committed to attracting exceptional talent and building a team that drives innovation, excellence and meaningful impact. Every application is reviewed with care and consideration. If your experience and qualifications are a match for the role, a member of our team will connect with you regarding the next stage of the hiring process.
We appreciate your interest in joining Mobiz and wish you success in your career endeavors.
Required Experience: Manager
About Company
We are the execution partner for F500 technology leaders. We don't just advise. We architect, build, and deploy the systems that define your future.