Cyber Security SOC Engineer
CrossCipher
Job Description
Security Operations Center (SOC) Engineer — Integration & Presales

Location: Remote / Hybrid
Employment: Full-time, Shift-based
Experience: 2–4 years
Department: Cybersecurity / Security Operations
Reports To: SOC Manager
Travel: Up to 25%
Client-Facing: Yes — Presales & Integration

Role Summary

We are seeking a technically strong and client-oriented SOC Engineer to own the end-to-end onboarding of new clients onto our SOC platform, support presales technical engagements, and ensure the successful deployment and operation of XDR agents across diverse client environments. You will serve as a key bridge between our sales team and the technical operations team — translating client needs into working security solutions while troubleshooting issues across Windows and Linux environments.

Client Integration Responsibilities

Onboarding & Platform Integration
• Lead the technical onboarding of new clients onto the SOC platform — from scoping and discovery through to full go-live
• Configure data source integrations including syslog forwarding, API connectors, firewall log ingestion, and cloud log pipelines
• Deploy, configure, and validate XDR agents across client Windows and Linux endpoints
• Create client-specific SIEM rules, dashboards, and alert policies tailored to their environment
• Coordinate with client IT teams to ensure network access, firewall exceptions, and proxy settings are correctly configured
• Conduct onboarding handover sessions and produce integration documentation for both client and internal SOC teams
XDR Agent Troubleshooting
• Diagnose and resolve XDR agent installation failures, connectivity issues, and performance problems on Windows and Linux systems
• Analyze agent logs, Windows Event Viewer entries, and Linux system journals (journalctl / syslog) to identify root causes
• Troubleshoot common Windows issues: Group Policy conflicts, service failures, registry misconfigurations, and AV exclusion errors
• Troubleshoot common Linux issues: package dependencies, SELinux/AppArmor policies, daemon failures, and permission errors
• Document recurring issues and develop step-by-step remediation runbooks for the support team
• Escalate unresolved technical issues to the vendor with full diagnostic detail and follow through to resolution

Integration Workflow
Discovery Call - Scope & Prereqs - Agent Deploy - Tune & Validate - Handover

Presales Responsibilities
• Support the sales team in technical presales engagements — delivering platform demos, proof-of-concept setups, and architecture walkthroughs
• Prepare and deliver technical presentations tailored to the client's industry, size, and security maturity level
• Respond to RFP/RFI technical sections, security questionnaires, and due diligence requests from prospects
• Clearly articulate the value of XDR, SIEM, and SOC-as-a-Service offerings to both technical and non-technical audiences
• Conduct gap analysis and security assessments for prospective clients to define a clear integration roadmap
• Build trusted relationships with client technical stakeholders during the pre-contract phase
• Provide post-demo feedback to the product team based on client objections and feature requests
Core SOC Responsibilities
• Monitor and triage security alerts across SIEM, EDR, and network platforms during assigned shifts
• Investigate incidents following established runbooks and escalate to L2/L3 as appropriate
• Develop and tune SIEM correlation rules and alerting thresholds to reduce false positives
• Produce clear incident reports and post-incident documentation
• Participate in threat hunting activities and stay current on emerging TTPs via threat intelligence feeds
• Mentor L1 analysts and provide escalation support and knowledge transfer

Required Qualifications

Security & SOC
• 2–4 years of experience in a SOC, security engineering, or IT security role
• Hands-on experience with SIEM platforms such as Splunk, Microsoft Sentinel, or QRadar
• Working knowledge of the MITRE ATT&CK framework and its application to detection logic
• Experience deploying and managing XDR or EDR agents (CrowdStrike, SentinelOne, Cortex XDR, or similar)

Windows & Linux Troubleshooting
• Solid Windows troubleshooting skills: Event Viewer, Services, Registry Editor, Group Policy, Task Scheduler, PowerShell
• Solid Linux troubleshooting skills: systemctl, journalctl, file permissions, cron, SELinux/AppArmor, package managers (apt/yum)
• Ability to read and interpret system and application logs to logically trace and resolve client-reported issues
• Comfortable working via SSH and remote desktop in headless or restricted client environments

Client-Facing & Communication
• Proven ability to communicate complex technical concepts clearly to non-technical stakeholders
• Experience delivering technical presentations, demos, or training to external clients or partners
• Strong written communication skills for producing integration guides, runbooks, and client-facing reports
Preferred Qualifications
• Industry certifications: CompTIA Security+, CySA+, CEH, GCIH, or vendor-specific XDR/SIEM certifications
• Experience with cloud environments (AWS, Azure, GCP) and cloud-native security integrations
• Scripting ability in Python, PowerShell, or Bash for deployment automation and log parsing
• Familiarity with SOAR platforms and automated playbook creation
• Background in MSP/MSSP environments with multi-tenant platform management experience
• Prior presales, solutions engineering, or technical account management experience
• Active security clearance or eligibility to obtain clearance

Tools & Technologies
SOC & Detection: Splunk - MS Sentinel - QRadar - MITRE ATT&CK - Wireshark - Nessus
XDR / EDR Agents: CrowdStrike Falcon - SentinelOne - Cortex XDR - MS Defender for Endpoint - Carbon Black
OS & Scripting: Windows Server - Linux (RHEL/Ubuntu) - PowerShell - Bash - Python - GPO / Registry

What We Offer
• Competitive salary with performance and client acquisition bonuses
• Flexible remote / hybrid work arrangement
• Career growth path toward Senior SOC Engineer, Solutions Architect, or Threat Intelligence roles
• Collaborative team culture with access to cutting-edge security tooling

To apply, send your CV and cover letter to: [email protected] — Applications reviewed on a rolling basis.