
Job Description


Role Overview

The L2 Security Engineer is the core investigation and response specialist. This role handles escalated incidents from the L1 team, performing deep-dive analysis, correlating data from multiple sources, and executing initial containment measures. They are also responsible for mentoring L1 engineers and improving detection processes.

Key Responsibilities

1. Conduct in-depth investigations of complex security incidents.

2. Analyze logs from diverse sources (endpoints, network, cloud, identity) to determine the scope and impact of an attack.

3. Perform initial incident response and containment actions (e.g., isolating a host, blocking an IP).

4. Develop and refine detection rules, queries, and operational playbooks.

5. Mentor L1 Engineers and act as a point of escalation for technical questions.

6. Contribute technical details and analysis for customer-facing incident reports.

    Requirements

    Required Qualifications

    1. 3-5 years of experience in a SOC, with at least 1-2 years in an incident analysis/response role.

    2. Strong proficiency with XDR platforms, SIEM query languages, and network/endpoint forensic tools.

    3. Deep understanding of MITRE ATT&CK TTPs (Tactics, Techniques, and Procedures).

    4. Experience with network packet analysis (e.g., Wireshark).



      Preferred Skills & Certifications

      • EC-Council Certified Incident Handler (ECIH)
      • EC-Council Computer Hacking Forensic Investigator (CHFI)
      • ISC² SSCP or CISSP (Certified Information Systems Security Professional)
      • Experience with cloud security (AWS, Azure, GCP).

      Interview process


      ※ All first-round interviews at 自由系統 are conducted as Microsoft Teams video interviews.

      3 years of experience required
      40,000 ~ 100,000 TWD / month
      Optional Remote Work

      About us

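      自由系統 was founded in 2002 (Go Incubation Board stock code: 7503). We are a professional team made up of passionate consultants and IT engineers.

      ◆ Our founding mission: to help enterprises solve their most vexing IT problems.

      ◆ Our services include: IT infrastructure operations and maintenance, cloud platform management, information security management, and project-based IT consulting, among other professional IT services.

      ◆ Our service goals focus on: factoring our enterprise customers' practical business needs, long-term development goals, and information security standards into service planning, to help business owners reduce operating costs and risk.

      自由系統 is a fast-growing company. Unlike typical computer companies or system integrators, we pioneered a subscription-based professional IT service that is unique in the market, abandoning the traditional mindset of solving problems by purchasing software and hardware, and believing that only "professional service" can solve customers' problems.

      We are looking for you, if you have the following traits:

      ◆ You don't want your unlimited potential to be limited by age or seniority

      ◆ You don't want to settle for a stable work environment that lacks challenge

      ◆ You don't want to settle for the status quo and lose the drive for self-realization

      We combine the free and open culture of a startup with a steadily growing business model. If you have confidence in yourself and the courage to take on challenges, you are welcome to join 自由系統!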