Cybersecurity Engineer

Acture Solutions Inc · Town/Village of Harrison, NY
Posted 13h · $95,000 - $125,000 · Onsite

About The Position

Acture Solutions is looking for a motivated and service-minded Cyber Engineer to support our Security Operations Center (SOC) and customer environments by monitoring, investigating, and responding to security events while continuously improving security posture across client networks. This is a customer-facing role that requires strong technical expertise, excellent communication skills, and the ability to manage multiple priorities in a fast-paced environment. You will also serve as an escalation point for SOC Analysts, contribute to process improvements, and participate in an after-hours on-call rotation and incident response coverage with additional compensation for time worked outside regular business hours.

Requirements

  • Security+ or higher certification required.
  • Minimum of 4 years of experience as a Systems Engineer / Systems Administrator.
  • Strong experience with corporate antivirus/antispam, security, and backup solutions.
  • Strong knowledge of VMware and virtual environments.
  • Strong knowledge of Active Directory, Group Policy, and PowerShell scripting.
  • Strong working knowledge of network security fundamentals: TCP/IP, DNS, DHCP, routing/switching, segmentation, VPNs, NAT, and secure network design.
  • Hands-on firewall experience (NGFW preferred): building and troubleshooting rules, NAT, VPN tunnels, content filtering, threat profiles, logging, and policy optimization.
  • Experience with IDS/IPS and/or network detection concepts (signatures, anomaly detection, tuning, false-positive reduction).
  • Strong knowledge of switching and routing, including secure configuration practices (AAA, SNMP hardening, management plane protection, secure routing where applicable).

Responsibilities

  • Serve as an escalation point for SOC Analysts by providing technical guidance and support on complex security investigations.
  • Help define, document, and improve SOC processes and procedures to ensure consistent, high-quality security operations.
  • Provide recommendations to leadership and customers to strengthen security posture, reduce risk, and improve resiliency.
  • Partner with internal teams, clients, and vendors to drive resolution of high-priority security issues and coordinate security initiatives.
  • Uphold and exemplify Acture’s Core Values: Accountability, Customer First, Trust, Integrity, Opportunity, Nurturing Positive Culture & Fun.
  • Manage daily security operations in accordance with SLAs, severity-based prioritization, and escalation requirements.
  • Own and support customer network security posture across perimeter, internal network, and cloud connectivity—ensuring confidentiality, integrity, and availability.
  • Assess, deploy, monitor, manage, and maintain network security controls including next-gen firewalls (NGFW), IDS/IPS, web filtering, VPN concentrators, WAF (where applicable), and security appliances across customer environments.
  • Configure, harden, and validate firewall policies (least privilege, object/group standards, rule lifecycle management), including NAT, geo/IP reputation controls, application control, SSL inspection (where approved), and logging requirements.
  • Design and maintain secure network segmentation (VLANs, ACLs, inter-VLAN routing controls) to limit lateral movement and isolate critical assets (servers, backups, OT/IoT, guest/wireless).
  • Support and improve secure remote access including site-to-site VPN, client VPN, MFA integrations, certificate-based authentication, and conditional access alignment.
  • Monitor and analyze network telemetry across environments using SIEM/XDR/NDR tools; triage and investigate alerts related to network-based threats (command-and-control, beaconing, lateral movement, brute force, anomalous authentication, DNS abuse).
  • Perform packet-level and log-level troubleshooting (PCAPs, NetFlow, DNS logs, firewall logs, proxy logs) to determine root cause, scope, and containment actions.
  • Scan for vulnerabilities and misconfigurations affecting network and perimeter systems (firewalls, switches, routers, wireless controllers, VPNs); coordinate remediation across systems, tools, and customer technologies.
  • Investigate and remediate threats, including performing incident response tasks as part of the Incident Response Team; execute containment actions such as blocking malicious IPs/domains, disabling compromised accounts, isolating hosts, and tightening access paths.
  • Research adversary activity and generate correlation, detection, and suppression rules to improve alert quality and SOC efficiency, including network-focused detections (impossible travel, unusual egress, port/protocol anomalies, DNS tunneling indicators).
  • Develop and manage SOC projects, including initiatives that improve network visibility, logging coverage, and automation (standardizing firewall baselines, centralized logging, automated blocks, playbooks).
  • Maintain accurate documentation of work performed and customer security environments, including network diagrams, firewall policy standards, segmentation maps, and change history.
  • Communicate directly with customers daily—review reporting and clearly explain network security needs, findings, and recommendations (risk-based, business-friendly language).
  • Support the day-to-day operation of customer infrastructure and serve as a point of contact for executives, vendors, and internal teams as needed; coordinate with ISPs/carriers during outages or security events.
  • Participate in an after-hours on-call rotation and incident response coverage as required, including critical perimeter events (active exploitation, DDoS indications, VPN compromise, widespread malware).
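The responsibilities above name two of the network-focused detections a candidate would be expected to build (DNS tunneling indicators and beaconing). The following is an added example, not part of the Acture Solutions posting and not code from any SOC tool the posting mentions, showing the core of both detections run over constructed log samples. The log format, the hostnames, the IP addresses and all thresholds are assumptions chosen for illustration; real deployments tune them per environment and use a public-suffix list instead of the "last two labels" shortcut used here.

```python
"""Network-focused detections over constructed log samples (added example):
DNS tunneling indicators and fixed-interval beaconing."""
import math
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed DNS resolver log (not from a real environment):
# "<ISO timestamp> <client ip> <query name> <qtype>"
DNS_LOG = """\
2024-05-01T09:00:00 10.1.20.15 www.example.com A
2024-05-01T09:00:01 10.1.20.15 mail.example.com A
2024-05-01T09:00:02 10.1.20.15 cdn.example.com A
2024-05-01T09:00:05 10.1.20.42 a9f3c2e1b7d4f0e8a1c5d2b6.t.exfil-test.net TXT
2024-05-01T09:00:06 10.1.20.42 7b2e9d1f4a8c6e0b3d5f9a1c.t.exfil-test.net TXT
2024-05-01T09:00:07 10.1.20.42 c4d8e2f6a0b3c7d1e5f9a2b4.t.exfil-test.net TXT
2024-05-01T09:00:08 10.1.20.42 e1f5a9b3c7d2e6f0a4b8c1d5.t.exfil-test.net TXT
2024-05-01T09:00:09 10.1.20.42 0d4e8f2a6b1c5d9e3f7a2b6c.t.exfil-test.net TXT
2024-05-01T09:00:10 10.1.20.15 www.example.com A
"""

# Constructed firewall allow log: "<ISO timestamp> <src ip> <dst ip> <dport>"
FW_LOG = """\
2024-05-01T09:00:00 10.1.20.42 203.0.113.9 443
2024-05-01T09:01:00 10.1.20.42 203.0.113.9 443
2024-05-01T09:02:00 10.1.20.42 203.0.113.9 443
2024-05-01T09:03:01 10.1.20.42 203.0.113.9 443
2024-05-01T09:04:00 10.1.20.42 203.0.113.9 443
2024-05-01T09:00:03 10.1.20.15 198.51.100.7 443
2024-05-01T09:00:40 10.1.20.15 198.51.100.7 443
2024-05-01T09:07:12 10.1.20.15 198.51.100.7 443
2024-05-01T09:21:55 10.1.20.15 198.51.100.7 443
2024-05-01T09:22:01 10.1.20.15 198.51.100.7 443
"""


def shannon_entropy(s):
    """Bits per character; hex- or base32-encoded payload labels score high."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text):
    """Both constructed formats are four whitespace-separated fields."""
    rows = []
    for line in text.splitlines():
        ts, a, b, c = line.split()
        rows.append((datetime.fromisoformat(ts), a, b, c))
    return rows


def dns_tunneling_indicators(text, min_queries=5, min_label_len=20, min_entropy=3.0):
    """Group queries by parent domain (last two labels; assumption, a real
    detection should use the public suffix list) and flag domains whose leading
    labels are long, high-entropy and almost never repeated: encoded data."""
    by_domain = defaultdict(list)
    for _, client, qname, qtype in parse_log(text):
        labels = qname.lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue
        by_domain[".".join(labels[-2:])].append((labels[0], qtype, client))
    hits = {}
    for domain, entries in by_domain.items():
        if len(entries) < min_queries:
            continue
        first = [e[0] for e in entries]
        avg_len = mean(len(l) for l in first)
        avg_ent = mean(shannon_entropy(l) for l in first)
        unique_ratio = len(set(first)) / len(first)
        txt_ratio = sum(1 for e in entries if e[1] in ("TXT", "NULL")) / len(entries)
        if avg_len >= min_label_len and avg_ent >= min_entropy and unique_ratio > 0.8:
            hits[domain] = {"queries": len(entries), "avg_label_len": round(avg_len, 1),
                            "avg_entropy": round(avg_ent, 2), "unique_ratio": unique_ratio,
                            "txt_ratio": txt_ratio, "clients": sorted({e[2] for e in entries})}
    return hits


def beaconing_indicators(text, min_conns=5, max_cv=0.1):
    """Per (src, dst, dport), compute inter-arrival gaps; a low coefficient of
    variation (stdev / mean) over enough events is the shape of a fixed-interval
    callback. Real implants add jitter, so max_cv is an assumed starting point."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in parse_log(text):
        by_pair[(src, dst, dport)].append(ts)
    hits = {}
    for pair, times in by_pair.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        m = mean(gaps)
        cv = pstdev(gaps) / m if m else float("inf")
        if cv <= max_cv:
            hits[pair] = {"count": len(times), "mean_interval_s": round(m, 1), "cv": round(cv, 3)}
    return hits


if __name__ == "__main__":
    print(dns_tunneling_indicators(DNS_LOG))
    print(beaconing_indicators(FW_LOG))
```

Run as-is, the tunneling check flags only exfil-test.net (five unique 24-character hex labels, all TXT) and the beaconing check flags only the 10.1.20.42 to 203.0.113.9 pair (gaps of 60, 60, 61 and 59 seconds), while the irregular browsing from 10.1.20.15 passes both. In a SIEM these would become two correlation rules plus a suppression list for known high-entropy legitimate domains (CDN and anti-spam lookups), which is exactly the false-positive reduction the posting asks for.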

Benefits

  • Anthem Medical, Dental, Vision insurance, HSA, FSA, Life insurance, STD, LTD, 401k, EAP
  • Generous Discretionary Paid Time Off
  • 12 Paid Holidays
  • A culture that values collaboration, respect, and real impact
© 2024 Teal Labs, Inc