Company hidden
3 hours ago

SOC L2/L3 Engineer

Work format
remote
Employment type
fulltime
Seniority
middle
English
b2
Country
Ukraine/Poland/Cyprus
Vacancy from the Hirify Global list of international tech companies

Job description


TL;DR

SOC L2/L3 Engineer (SIEM/SOAR): Build and operationalize a SIEM from PoC to production, including case management and UEBA, and design detection rules mapped to MITRE ATT&CK for identity compromise, privilege escalation, lateral movement, and endpoint threats. Focus on triaging and investigating L2/L3 alerts, running incident response and basic forensics, onboarding log sources across AWS/JumpCloud/Google Workspace/CDE/SWIFT, and improving detection coverage with automation and structured reporting.

Location: Remote (Europe) — Warsaw, Nicosia, Kyiv, Lviv

Company

hirify.global builds a payments orchestration platform for regulated financial infrastructure.

What you will do

  • Build and operationalize the SIEM from PoC to production, including case management and UEBA, with ownership of technology selection.
  • Design, write, and tune detection rules mapped to MITRE ATT&CK; cover identity compromise, privilege escalation, lateral movement, and endpoint threats.
  • Triage and investigate L2/L3 alerts, reduce false positives, and define clear escalation paths per use case.
  • Lead incident response and basic forensics (containment, eradication, and structured lessons learned).
  • Onboard log sources across AWS, JumpCloud, Google Workspace, CDE, and SWIFT; run threat hunts based on realistic attack hypotheses.
  • Maintain runbooks/playbooks and automate repetitive actions via SOAR or scripting; define SOC metrics and own monthly reporting.

Requirements

  • 3+ years in SOC / Detection & Response at L2/L3 level with hands-on investigation experience.
  • Practical experience building or operating a SIEM, including writing and tuning detection rules.
  • Detection engineering with MITRE ATT&CK mapping; confident with KQL, SPL, or equivalent query languages.
  • Experience investigating cloud log sources (e.g., AWS CloudTrail, GuardDuty, Google Workspace, EDR/XDR).
  • Scripting/automation skills (Python or similar) for telemetry processing and routine tasks.
  • Strong understanding of attacker techniques and how they appear in logs; disciplined investigation process and clean documentation/post-mortems.

Culture & Benefits

  • Greenfield SOC: build the detection stack from scratch with no inherited SIEM or legacy detection rules.
  • 30+ days off, unlimited sick leave, free office meals, and health coverage.
  • Apple gear provided; courses, conferences, sports, and wellness benefits.
  • Ownership culture: end-to-end responsibility for the detection lifecycle (log onboarding, use case design, triage, response, reporting).
