SOC L2/L3 Engineer

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a SOC L2/L3 Engineer in Italy.

This is a unique opportunity for a cybersecurity professional to take ownership of security operations within a fast-paced, technology-driven environment handling large-scale financial transactions and sensitive data. In this role, you will design and build detection capabilities from the ground up, shaping how threats are identified, investigated, and mitigated across complex cloud and payment infrastructures. Working closely with senior security leaders and cross‑functional teams, you will drive incident response, threat hunting, automation, and continuous improvement initiatives. The position offers significant autonomy, direct influence over security strategy, and exposure to real‑world cyber threats in a highly regulated setting. It is ideal for an experienced SOC engineer who enjoys combining hands‑on technical work with strategic decision‑making while contributing to the development of a mature and scalable security operations function.

Accountabilities

• Design, implement, and operationalize a Security Information and Event Management (SIEM) platform, including evaluation, selection, deployment, and optimization of supporting technologies such as case management and UEBA solutions.
• Develop, maintain, and continuously improve detection rules and use cases aligned with frameworks such as MITRE ATT&CK to identify malicious activity across cloud, endpoint, identity, and network environments.
• Investigate and triage L2/L3 security alerts, validate incidents, reduce false positives, and establish efficient escalation workflows.
• Lead incident response activities, including containment, eradication, recovery, forensic analysis, root cause identification, and post‑incident reviews.
• Integrate and monitor log sources from cloud platforms, identity providers, endpoint protection tools, payment environments, and other critical systems.
• Conduct proactive threat hunting exercises based on emerging threats, attack techniques, and organization‑specific risk scenarios.
• Develop and maintain security runbooks, playbooks, and automation workflows to improve operational efficiency and response consistency.
• Define, track, and report key SOC metrics related to detection coverage, incident response effectiveness, and operational performance.
• Collaborate with security, engineering, and infrastructure teams to continuously strengthen detection capabilities and overall security posture.
• Contribute to the long‑term evolution and scaling of the security operations function through process improvements and strategic initiatives.

Requirements

• Minimum 3 years of experience in Security Operations, Detection Engineering, Incident Response, or related cybersecurity roles at the L2/L3 level.
• Hands‑on experience building, deploying, or managing SIEM platforms, including log onboarding, correlation rule development, and tuning.
• Strong expertise in detection engineering and threat detection methodologies, with practical application of MITRE ATT&CK frameworks.
• Proficiency with query languages such as KQL, SPL, or equivalent technologies used for security monitoring and analysis.
• Experience investigating cloud security events and telemetry from platforms such as AWS, Google Workspace, EDR/XDR solutions, and related services.
• Solid understanding of attacker tactics, techniques, and procedures, with the ability to translate threat intelligence into actionable detection content.
• Experience with incident response processes, forensic investigations, and security event analysis.
• Scripting and automation skills using Python or similar languages to streamline security operations and data analysis tasks.
• Strong analytical thinking, documentation skills, and ability to maintain structured investigation processes under pressure.
• Excellent communication and collaboration abilities, with the capacity to work effectively across technical and non‑technical teams.
• Experience with SOAR platforms, detection‑as‑code methodologies, UEBA solutions, threat intelligence integration, or payment industry security standards is considered a strong advantage.
• Familiarity with PCI DSS environments, SWIFT infrastructure, purple teaming exercises, or financial services security operations is highly desirable.

Benefits

• Opportunity to build and shape a security operations function with significant ownership and decision‑making authority.
• Direct impact on protecting critical financial infrastructure and large‑scale transaction environments.
• Freedom to influence technology selection, security architecture, and operational processes.
• Clear career progression opportunities, including potential leadership responsibilities as the security team grows.
• Exposure to advanced cloud security, threat detection, incident response, and automation initiatives.
• Collaborative environment with experienced cybersecurity professionals and strong leadership support.
• Flexible work arrangements designed to support productivity and work‑life balance.
• More than 30 days of annual leave plus unlimited sick leave.
• Comprehensive health coverage and wellness benefits.
• Professional development support, including access to training courses, certifications, conferences, and industry events.
• Sports, wellness, and employee wellbeing programs.
• High‑quality equipment, including Apple devices and modern productivity tools.
• Complimentary office meals and additional workplace perks where applicable.
• Competitive compensation package aligned with experience, expertise, and market standards.