Location: Austin, TX or San Antonio, TX
Duration: Long Term Contract
Job Description:
Position Overview
Our client, a leading enterprise security organization, is seeking an experienced L2 SOC Engineer to join their Security Operations Center team. The L2 SOC Engineer will act as the primary escalation point for L1 analysts, conducting advanced investigations, validating security incidents, executing response actions, and collaborating with Incident Response and Engineering teams to improve overall security operations.
Key Responsibilities
- Investigate and validate escalated security alerts from L1 analysts, determining true positives versus false positives.
- Perform deep-dive security investigations using SIEM, EDR, NDR, email security, and threat intelligence platforms.
- Execute approved containment actions, including host isolation, account disablement, and IOC blocking in accordance with established runbooks.
- Escalate confirmed and high-severity incidents to Incident Response/L3 teams with complete documentation and supporting evidence.
- Tune detection rules and correlation logic to improve alert fidelity and reduce false positives.
- Collaborate with engineering teams to enhance security monitoring and detection capabilities.
- Maintain and update investigation playbooks, SOPs, and knowledge base documentation.
- Conduct threat hunting activities based on threat intelligence advisories and emerging threats.
Required Qualifications
- 2–4 years of SOC, Cybersecurity Monitoring, or Security Operations experience.
- Minimum 1 year of experience as a SOC Analyst (L1) or equivalent security role.
- Hands-on experience with enterprise SIEM platforms such as Splunk, Microsoft Sentinel, QRadar, or Exabeam.
- Experience working with at least one EDR solution.
- Strong understanding of TCP/IP, DNS, HTTP/HTTPS, email protocols, Active Directory, Windows, and Linux environments.
- Knowledge of MITRE ATT&CK framework, malware analysis fundamentals, phishing investigations, and BEC detection.
- Strong analytical, troubleshooting, and documentation skills.
- Ability to create detailed investigation reports and client-facing incident summaries.
- Willingness to work in a 24×7 rotational shift environment, including nights, weekends, and holidays.
Preferred Qualifications
- Security certifications such as Security+, CySA+, GSEC, GCIA, BTL1/BTL2, Splunk Core, CrowdStrike, or similar.
- Experience with Python, PowerShell, KQL, or SPL query development.
- Exposure to cloud security monitoring, including AWS CloudTrail, Microsoft Entra ID (Azure AD), Microsoft 365, or Google Workspace environments.
- Experience with threat hunting and detection engineering initiatives.
Why Join?
- Long-term engagement with a well-established enterprise security client.
- Opportunity to work in a mature SOC environment utilizing modern security technologies.
- Exposure to advanced threat detection, incident response, and security engineering practices.
Thanks & Regards
Nishat Afza | Manager - Recruitment
TekIntegral Inc | 555 Republic Drive, Suite 240, Plano, TX, USA 75074
Nishat@tekintegral.com