Security Operations Center (SOC) Engineer

ZeroFox seeks a motivated and detail-oriented Security Operations Center (SOC) Engineer to join our cybersecurity team. As the first team member dedicated exclusively to SOC operations, you will help establish our monitoring, triage, and threat intelligence workflows. In this role, you will serve as the first line of defense against cyber threats, while also contributing to Cyber Threat Intelligence (CTI) efforts and assisting with broader security projects. This is an excellent opportunity for early-career professionals eager to gain hands-on experience across multiple areas of cybersecurity within a lean, high-impact team.

Role and responsibilities 

Expertise

• Monitor and analyze alerts from SIEM, EDR, and other monitoring platforms.
• Perform initial triage of security events using documented playbooks.
• Support CTI workflows, including collecting and summarizing internal and external intelligence.
• Document investigations, incident details, and response actions clearly.

Impact

• Escalate confirmed incidents to senior SOC staff or cross-functional teams.
• Contribute to threat reporting for leadership and stakeholders.
• Assist with security projects, such as tool integrations, automation pilots, and process improvements.

Influence

• Participate in shift handovers and maintain clear communication of ongoing investigations.
• Share findings and escalate issues effectively to ensure timely resolution.

Innovation

• Support the development of SOC playbooks, detection rules, and dashboards under guidance.
• Stay current on emerging threats and contribute ideas for continuous improvement.

Requirements

Required qualifications and skills 

• Bachelor’s degree in Information Security, Computer Science, or related field; OR equivalent practical experience.
• 0–2 years of professional experience in security operations, IT support, or related technical field.
• Basic familiarity with cybersecurity concepts (e.g., malware, phishing, vulnerabilities, log analysis).
• Basic scripting or automation knowledge (Python, PowerShell, Bash).
• Strong analytical and problem-solving skills with attention to detail.
• Exposure to SIEM, EDR, or IDS/IPS tools (academic, lab, or professional).
• Ability to learn new tools and processes quickly in a hands-on environment.
• Clear written and verbal communication skills, including documenting findings.
• Ability to balance day-to-day monitoring with participation in longer-term projects.
• Strong interest in developing toward advanced SOC, CTI, or incident response roles.

Desired qualifications and skills

• CompTIA Security+, Network+, or equivalent entry-level certification.
• Familiarity with threat intelligence concepts and frameworks (e.g., MITRE ATT&CK).
• Exposure to cloud environments (AWS, Azure, GCP).
• Experience drafting technical or executive reports.

Benefits

• Competitive compensation
• Community-driven culture with employee events
• Generous time off 
• Best-in-class benefits
• Fun, modern workspace 
• Respectful and nourishing work environment, where every opinion is heard and everyone is encouraged to be an active part of the organizational culture