Defensive Security Engineer (Remote)

Vallen Distribution Inc., Belmont, NC

About The Position

Vallen’s Defensive Security Engineer will serve as a technical lead in threat detection, incident response, and the continuous development of Vallen’s defensive security tooling and automation. This is a hands-on, engineering-heavy role focused on building, integrating, and optimizing security platforms, from SIEM and SOAR to endpoint and cloud-native defenses.

Requirements

  • Bachelor’s degree in Information Technology, Cyber Security, Computer Science or related field.
  • At least 3-5 years of cyber security experience.
  • 5+ years in a technical security role (SOC Tier 2/3, security engineering, incident response, or equivalent).
  • Hands-on experience with SIEM (e.g., Sentinel, Splunk), EDR/XDR (e.g., SentinelOne, Defender), and SOAR platforms.
  • Fluency in interpreting logs, building detections, and writing scripts (PowerShell, Python, etc.).
  • Strong understanding of cloud security architecture (Azure preferred), including IAM and telemetry ingestion.
  • Experience with threat detection engineering and mapping detections to MITRE ATT&CK.
  • Familiarity with secure baselining (CIS/NIST), access controls, and platform hardening.

Responsibilities

  • Support daily security operations by performing proactive threat hunting across endpoint, network, identity, and cloud data sources.
  • Lead investigation and response efforts for high-fidelity alerts, using behavioral analytics and MITRE ATT&CK-based analysis.
  • Manage detection pipelines, detection-as-code frameworks, and automated correlation rules across SIEM, EDR, MDR, and XDR platforms.
  • Design and implement automated response workflows in SOAR and XDR platforms.
  • Integrate alerting tools with threat intelligence platforms, ServiceNow, and remediation workflows.
  • Architect and maintain telemetry ingestion pipelines for logs, cloud-native signals, and third-party integrations.
  • Act as SME for Vallen’s security stack: SIEM, SOAR, EDR/MDR, UEBA, CSPM, container security, vulnerability scanners.
  • Support the vulnerability management program by contributing to risk analysis, remediation coordination, and process improvement initiatives.
  • Tune detection logic, logging schemas, and role-based access control (RBAC) policies across tools.
  • Enforce baseline hardening across Windows, Linux, macOS, and Azure-native services.
  • Partner with infrastructure and networking teams to implement microsegmentation, traffic analysis, and endpoint enforcement policies on network security platforms.
  • Lead integration efforts with platforms like SentinelOne, Fortinet, Proofpoint and O365.
  • Contribute to continuous improvement of detection and response capabilities, processes, playbooks, and security tool strategies.
  • Develop and maintain clear process documentation for security operations, enabling IT teams to effectively support end users and resolve security-related tickets.
  • Monitor threat landscape and threat intelligence resources to ensure emerging threats are proactively accounted for within the security platform suite.

Benefits

  • Medical, Dental, Vision
  • Paid time off (vacation, holidays, sick days)
  • 401K with discretionary company match - (US positions only)
  • Employer-paid Basic Life for Employee, Spouse, and Dependents
  • Employer-paid Short-Term and Long-Term Disability
  • Health Care and Dependent Care Flexible Spending Accounts
  • Vitality Wellness Program
  • Employee Assistance Program
  • Employee Resource Groups for networking and team building
  • Tuition Reimbursement Program
  • Employee Referral Program
  • Safety Shoe and Safety Glasses reimbursement
  • Employee Discounts through BenefitHub
  • Advancement Opportunity