Cybersecurity Operations Engineer

Momentum
Dallas, TX
Onsite

About The Position

Momentum is a respected collection of independent companies, including PMG, Koddi, Further, serving as a premier global business transformation partner for over 125 of the Fortune 500 brands. With 1,400 global employees and $5B in media spend under management, Momentum fosters a fast-growing, values-driven, people-first environment. The portfolio companies partner with iconic and ambitious brands, combining scalability with a solutions-oriented approach to deliver innovative results and create growth opportunities. Momentum values a culture of belonging, inclusion, and diversity.

The company is seeking a Cybersecurity Operations Engineer to run security operations across a holding company and its portfolio of businesses, leading the technical evaluation of its next-generation security stack. This role encompasses MDR operations, incident response, endpoint security, and cloud security posture, while driving proof-of-concept (POC) efforts for Palo Alto Cortex XDR/XSIAM and Prisma Access to consolidate MDR and move towards a unified SASE and cloud security architecture. The engineer will collaborate with the Cybersecurity Manager, vCISO, Sr. IT Operations Engineer, and portfolio company IT and engineering teams. Key areas of focus include cloud security strategy, CIS hardening, CASB/DLP, vulnerability management, and continuous pentesting. This is a full-time role based in the Dallas Office at the Link: 2601 Olive Street, Dallas, TX.

Requirements

  • 7–9 years of experience in cybersecurity operations, security engineering, or senior SOC/IR roles
  • Hands-on MDR experience (alert triage, escalation workflows, MSSP management)
  • Deep expertise with CrowdStrike Falcon (EDR, detection tuning, SIEM/LogScale)
  • Endpoint security at scale (macOS with Jamf, Windows with Intune)
  • Proven incident response leadership (led incidents end-to-end)
  • Cloud security experience in AWS and either GCP or Azure (IAM, CloudTrail, GuardDuty, secrets management)
  • Experience leading enterprise security platform evaluations and POCs
  • Familiarity with SASE, CASB, or SSE architectures
  • Active daily use of AI and automation (100% internal AI adoption; required)

Nice To Haves

  • Palo Alto Networks experience (Cortex XDR, Prisma Access, Prisma Cloud); PCNSE preferred
  • Jamf Protect and Jamf Connect at scale
  • Continuous pentesting platforms (Pentera, NodeZero, Horizon3)
  • DLP tooling (policy design, data classification, endpoint/cloud enforcement)
  • MITRE ATT&CK expertise (detection mapping, threat modeling, tabletop exercises)
  • CIS benchmark implementation and enterprise-scale hardening
  • PCNSE
  • GCIH
  • GCIA
  • CrowdStrike CCFA / CCFR
  • Or equivalent certifications

Responsibilities

  • Serve as primary liaison to the MDR provider; own escalation workflows, alert triage, and SLA accountability across all entities
  • Act as primary incident responder, leading containment, eradication, recovery, and post-incident documentation
  • Maintain and test incident response playbooks aligned to MITRE ATT&CK
  • Lead tabletop exercises in coordination with the vCISO and drive IR maturity across portfolio companies
  • Lead technical evaluation of Palo Alto Cortex XSIAM, including POC design, capability assessment, and transition planning
  • Own endpoint security posture across ~1,400 macOS and 300 Windows devices
  • Eliminate local admin access across the macOS fleet (priority initiative)
  • Manage Jamf, Jamf Protect, and Jamf Connect; maintain CrowdStrike configurations and detection tuning
  • Define and implement CIS baselines and hardening standards across endpoints and servers
  • Lead POC for Cortex XDR/XSIAM: scenario design, detection validation, and operational fit
  • Evaluate Prisma Access (SASE: ZTNA, SWG, CASB) and Prisma Cloud (CSPM/CWPP)
  • Produce technical assessments covering capability gaps, integration complexity, migration risk, and total cost of ownership
  • Own implementation if selected
  • Own cloud security strategy across AWS, GCP, and Azure
  • Expand CloudTrail and GuardDuty coverage across environments
  • Secure CI/CD pipelines (GitHub Actions), enforce secrets management and least-privilege IAM
  • Evaluate and implement vulnerability management platform; enforce remediation SLAs and reporting
  • Lead CASB and DLP vendor evaluation and implementation
  • Maintain and improve CrowdStrike Next-Gen SIEM/LogScale detection rules
  • Map detection coverage to MITRE ATT&CK (focus on IAM abuse, lateral movement, data exfiltration)
  • Evaluate and implement continuous pentesting platforms (Pentera, NodeZero, Horizon3)
  • Conduct technical security assessments across portfolio companies
  • Support DevSecOps and secure SD

Benefits

  • comprehensive total rewards package designed to provide protection, peace of mind, and a focus on overall well-being while helping our people plan for the future
  • comprehensive benefits package for our full-time employees
  • healthcare benefits
  • a 401(k) plan with an employer match
  • short-term and long-term disability coverage
  • life insurance
  • paid time off
  • parental leave
  • various paid holidays
  • opportunities for involvement in a wide range of challenging and impactful projects, across diverse industries and business models, fostering career advancement and development within our growing organization
  • highly collaborative and supportive culture