Cyber Defense – Defense Engineering Service Lead

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or relevant professional experience.
• 5+ years hands-on experience or equivalent demonstrated proficiency building/maintaining automation using Python and REST APIs in production environments.
• 8+ years hands-on experience or equivalent depth of expertise in SOC operations, with emphasis on incident response, detection engineering, and security automation.
• Deep familiarity with MITRE ATT&CK, attacker TTPs, and the ability to translate behaviors into high-fidelity detections, preventive safeguards, and response controls across cloud, endpoint, identity, network, email, OT, and SaaS.
• Skilled in hypothesis-driven hunting, rapid triage, and end-to-end investigations using telemetry from SIEM/EDR/NDR and cloud-native logs; strong grasp of forensics fundamentals (host, network, and identity).
• Hands-on experience designing, implementing, and tuning security controls including hardening baselines, logging/telemetry standards, segmentation, access controls, and compensating controls for regulated and hybrid environments.
• Strong knowledge of security logging pipelines, normalization/enrichment, data quality, and integration patterns to support detection, hunting, and response at scale.
• Proven ability to standardize and automate repeatable security operations through SOAR, scripting, and workflow design; builds playbooks/runbooks that reduce MTTR and operational toil.
• Applies advanced analytics to improve detection and response outcomes (signal-to-noise reduction, anomaly detection, prioritization), with emphasis on operationally usable results.
• Strong working knowledge of modern security platforms such as SIEM, SOAR, EDR, and network/email security controls; experience developing content and integrations within SIEM/SOAR ecosystems.
• Designs and operationalizes incident response playbooks, escalation paths, and communications; coordinates cross-functional response and delivers executive-ready updates and post-incident improvements.
• Expertise in securing and administering enterprise platforms (e.g., Windows Server and/or Linux/UNIX), with solid understanding of enterprise architecture patterns and operational constraints.
• Communicates complex defensive risk clearly to technical and non-technical audiences; influences stakeholders through credibility and professionalism and enables collaborative decision-making.
• Strong project/program execution skills—manages competing priorities, drives outcomes in fast-paced environments, and contributes hands-on to troubleshooting and implementation.
• Build and maintain SOPs, playbooks, and automation-first processes; standardize repeatable workflows.
• Define, measure, and improve SOC KPIs (e.g., detection coverage, alert quality, MTTD/MTTR, containment effectiveness).
• Own technical delivery and lifecycle management of security infrastructure, tooling, and detection/response capabilities.
• Develop and mentor teams across skill levels.
• Partner with risk/strategy and business stakeholders to align defensive engineering priorities to enterprise risk, including regulated industry requirements.

Nice To Haves

• GSEC (GIAC Security Essentials)
• GCIH (GIAC Certified Incident Handler)
• GCIA (GIAC Certified Intrusion Analyst)
• GSOC (GIAC Security Operations Certification)
• GCED (GIAC Cybersecurity Expert Defense)
• CISSP / CISM

Responsibilities

• Manage Log Ingestion and Data Normalization: Oversee the onboarding and integration of log sources across enterprise environments, ensuring reliable data ingestion, parsing, and enrichment. Maintain adherence to a Common Information Model (CIM) to standardize event fields, promote interoperability among security tools, and maximize detection fidelity and coverage.
• Engineering & Automation: Design, develop, and maintain incident response playbooks, orchestrations, and automation for rapid response and evidence collection. Integrate and script security tools to create an efficient, cohesive, and automated defense ecosystem. Continually optimize detection logic and playbooks based on ongoing threat intelligence and operational feedback.
• Threat Hunting & Readiness: Lead hypothesis-driven threat hunting across endpoints, identity, network, and cloud infrastructure to uncover unknown threats. Conduct continuous detection QA and tuning to enhance signal fidelity, reduce false positives, and improve analyst efficiency. Stay current on evolving threats, leveraging new detection and hunting methodologies as needed.
• Incident Response & Purple Teaming: Serve as a hands-on incident responder, focusing on rapid containment and translating lessons learned into improved detections and processes. Partner with Red Team and IR colleagues on purple team exercises to validate detection coverage and address identified gaps.
• Metrics & Continuous Improvement: Develop, track, and report on detection metrics (coverage, fidelity, alert volumes, MTTA, MTTR) and use data-driven insights to inform backlog and roadmap priorities. Lead post-incident reviews and drive continuous improvement initiatives for the detection and response program.
• Mentorship & Leadership: Mentor, coach, and manage SOC analysts and detection engineers, providing guidance on triage techniques, detection logic, threat hunting, and automation while supporting career growth and development. Lead team performance by setting clear expectations and goals, monitoring outcomes, delivering regular feedback, and conducting performance reviews and improvement plans as needed. Foster a culture of excellence, knowledge sharing, and continuous learning through training, enablement, and cross-functional collaboration.
• Strategic & Client Partnership: Guide clients in building and maturing cyber defense and detection programs aligned with industry frameworks and regulatory requirements (e.g., NIST CSF, ISO 27001, PCI-DSS). Communicate complex technical and operational issues effectively with both technical teams and executive stakeholders.

Benefits

• competitive healthcare and retirement savings benefits
• an array of benefits, policies and programs to support employee well-being in every sense, from health and financial wellness to family and lifestyle resources