Security Engineer SOC Incidents

Security Engineer II SOC Incident Response

Location: Morton Grove, IL (Hybrid; mostly remote after onboarding; must live in Chicago area)

Schedule: Mon Fri, 8:00 AM 4:30 PM CST; includes 24/7 on-call rotation

Status: Full-Time

Pay Range: $85K $115K (based on experience and expertise) Overview

Seeking a Security Engineer II to strengthen our SOC (Security Operations Center) and lead incident response activities across cloud, network, and endpoint environments. This mid-level role requires hands-on expertise with Sumo Logic and a strong grasp of the incident response lifecycle (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned).

The ideal candidate will be comfortable investigating alerts, refining SOC processes, and working with multiple enterprise security platforms (CrowdStrike, Tenable SC, Delinea, Palo Alto xDome, Bitsight, Azure, ServiceNow, Splunk).

Key Responsibilities

• • Monitor and investigate SOC alerts from SIEM, EDR, IDS/IPS, DLP, and cloud security tools.

  • Lead incident response activities, including containment, remediation, documentation, and reporting.

  • Build, maintain, and tune Sumo Logic dashboards, queries, and integrations.

  • Support vulnerability management and coordinate remediation with IT teams.

  • Document playbooks, improve SOC processes, and provide lessons-learned feedback.

  • Collaborate with infrastructure, cloud, and application teams to reduce risks.

  • Independently conduct complex incident investigations and report results and attack information to leaders/management.

  • Partner with engineering and IT teams to mitigate IoT/IoMT security risks.

Qualifications

Minimum eight (8) years combined IT/ Cybersecurity experience five (5) years Cybersecurity experience and must have Bachelor's degree in Information Security, Computer Science, or related field (or equivalent experience).

5+ years of cybersecurity experience (SOC, Incident Response, or related functions).

Strong hands-on experience with Sumo Logic (or Splunk) for SIEM operations.

Must have familiarity with incident response frameworks and playbook development

Experience with at least enterprise security applications (EDR (CrowdStrike), SIEM, IAM, Vulnerability Management, DLP, etc.).

Knowledge of regulatory and compliance standards (HIPAA, NIST, FedRAMP).

Industry certifications (e.g., GCIA, GCIH, CISSP, Azure Security) preferred.

• Participate in compliance reviews and security assessments (HIPAA, NIST, ISO).

• Contribute to security projects and mentor junior team members.

If applying for this role, give a short paragraph how you align with the role, salary you're targeting, citizenship status and Location. Send to paul at paulmayassociates dot com

If applying for this role - Please take each key point and provide number of years experience and what you would rate yourself, 1 thru 10 (10 being expert) for each key point. Send your resume and notes on the role to expediate our recruiting services.