
Engineer I, SOC

Key Facts

Full time
Mid-level (2-5 years)
English

Other Skills

  • Collaboration
  • Communication
  • Analytical Skills
  • Teamwork
  • Troubleshooting (Problem Solving)
  • Willingness To Learn

Requirements

  • Bachelor's degree in Information Systems, Computer Science, or a related discipline (or an equivalent combination of education and experience)
  • 1–3 years of experience in security operations, IT operations, systems administration, or a related technical area (including relevant internships/co-ops)
  • Security+ or similar foundational security certification preferred; CEH, SANS, ISC2, or cloud certifications (AWS, Azure, GCP) are a plus
  • Foundational knowledge of security concepts and tools (e.g., SOC operations, SIEM, EDR, email threat protection, vulnerability management, cloud security) with basic scripting familiarity (Python or PowerShell) and awareness of MITRE ATT&CK and log analysis concepts

Roles & Responsibilities:

  • Assist with day-to-day security engineering and operations tasks, helping maintain and improve security processes across systems and applications
  • Support threat monitoring, triage, and analysis activities; escalate potential incidents following established procedures; configure and monitor alerts and dashboards in the SIEM platform
  • Partner with application, infrastructure, and DevOps teams to track and remediate vulnerabilities across cloud and on-prem systems; contribute to automation improvements using Python/PowerShell
  • Participate in incident response activities alongside the production IR team, maintain runbooks and SOC documentation, and share knowledge through documentation or training

Job description

Job Description:

The Engineer I, Security is an entry-level supporting role that assists with day-to-day security engineering and operations work, helping maintain and improve security processes across systems and applications while learning from and collaborating with senior engineers and cross-functional partners.

  • Assist in developing and maintaining security tools, documentation, and standards under the guidance of senior engineers.
  • Support threat monitoring, triage, and analysis activities; escalate potential security incidents following established procedures.
  • Partner with application, infrastructure, and DevOps teams to help track and remediate vulnerabilities across cloud and on-prem systems.
  • Create and maintain operational runbooks and assist with SOC documentation and process updates.
  • Configure and monitor alerts and dashboards in the SIEM platform with oversight; help validate tuning changes and document outcomes.
  • Assist in supporting email, endpoint, and identity protections (configuration, monitoring, and basic troubleshooting).
  • Help automate recurring tasks using Python, PowerShell, or other scripting languages; contribute to small automation improvements.
  • Participate in incident response activities alongside the production IR team during security events; follow runbooks and contribute notes and evidence as needed.
  • Contribute to knowledge sharing and cross-team learning through documentation, demos, or training sessions.
  • Perform other duties that support the overall objective of the position.

Education Required:

  • Bachelor's degree in Information Systems, Computer Science, or related discipline.
  • Or, any combination of education and experience which would provide the required qualifications for the position.

Experience Required:

  • 1–3 years of experience (or relevant internships/co-ops) in security operations, IT operations, systems administration, or a related technical area.

License/Certification Required:

  • Security+ or similar foundational security certification preferred; CEH, SANS, ISC2, or cloud certifications (AWS, Azure, GCP) are a plus.

Knowledge, Skills & Abilities:

  • Knowledge of: Foundational knowledge of security concepts and tools (e.g., SOC operations, SIEM, EDR, email threat protection, vulnerability management, and cloud security). Basic scripting familiarity (Python or PowerShell) and willingness to learn automation practices. Awareness of MITRE ATT&CK, common attack techniques, and basic log analysis concepts.
  • Skill in: Strong analytical and troubleshooting skills. Clear communication and collaboration in team environments.
  • Ability to: Strong willingness to learn and ability to work as part of a team.

The company has reviewed this job description to ensure that essential functions and basic duties have been included. It is intended to provide guidelines for job expectations and the employee's ability to perform the position described. It is not intended to be construed as an exhaustive list of all functions, responsibilities, skills and abilities. Additional functions and requirements may be assigned by supervisors as deemed appropriate. This document does not represent a contract of employment, and the company reserves the right to change this job description and/or assign tasks for the employee to perform, as the company may deem appropriate.

NextGen Healthcare is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
