ENGINEERING TEAM LEAD - 72003934

State of Florida
Posted 1 day ago | $100,000 - $125,000 | Onsite

About The Position

The Engineering Team Lead provides technical leadership and operational oversight for the cybersecurity engineering team responsible for supporting, developing, and sustaining the enterprise security tooling that enables SOC operations. This role ensures the reliability, availability, and effectiveness of the security platforms, data pipelines, and telemetry sources used for threat detection, analysis, and incident response. The Engineering Team Lead is accountable for the technical correctness, performance, and operational value of enterprise SIEM detections and the telemetry pipelines that feed them. This role requires deep hands-on expertise in detection engineering, telemetry selection, and data quality management, so that SOC operations receive only the data required for effective detection, investigation, and response. The Engineering Team Lead must be capable of directly tuning, validating, and troubleshooting detections and telemetry flows across environments. The Engineering Team Lead is also responsible for supporting SOC tool modernization by developing the engineering capability, operational processes, and technical readiness that modernization requires, while sustaining current operational requirements and advancing the organization toward the target-state architecture.

Requirements

  • Enterprise cybersecurity engineering principles, including the design, implementation, and operation of security platforms that support SOC detection, analytics, and incident response workflows.
  • Security tooling architectures and technologies, including SIEM, data lakes, SOAR, detection engineering platforms, and threat intelligence systems.
  • Security telemetry sources, detection engineering concepts, analytic workflows, and the technical dependencies required to support effective threat detection and hunting.
  • Systems security management practices related to availability, reliability, performance, and resilience of security platforms and supporting infrastructure.
  • Incident response processes and the role of engineering support during investigations, containment, and recovery activities.
  • Documentation, configuration management, and operational support practices used to sustain complex security platforms over time.
  • Modernization concepts relevant to cybersecurity engineering, including platform consolidation, automation, scalability, and interoperability.
  • Designing, implementing, tuning, and validating SIEM detections using structured detection logic.
  • Authoring, reviewing, and operationalizing Sigma rules and adapting them to enterprise environments and tooling constraints.
  • Analyzing detection performance using quantitative metrics such as alert volume, false positive rates, and coverage by telemetry source.
  • Leading and mentoring cybersecurity engineers.
  • Directing engineering priorities, assigning tasks, and managing workloads to support SOC operations, enterprise initiatives, and improvement activities.
  • Designing, implementing, configuring, and maintaining security platforms and integrations that enable detection, analytics, and incident response.
  • Troubleshooting complex technical issues involving security tools, telemetry pipelines, data quality, and system integrations.
  • Validating telemetry fidelity and detection enablement to ensure SOC analysts can effectively perform alert triage, threat hunting, and investigations.
  • Coordinating engineering support for SOC operations, including participation in incident response activities requiring platform or tooling expertise.
  • Developing and maintaining technical documentation, runbooks, and standard operating procedures for engineering operations and platform support.
  • Identifying technical risks or inefficiencies in tooling and proposing practical engineering solutions.
  • Balance current-state operational demands with long-term modernization objectives in a transitioning engineering and SOC environment.
  • Ensure the reliability, availability, and performance of security tooling while evolving platform capabilities and integrations.
  • Translate SOC operational needs and analyst workflows into effective engineering solutions.
  • Independently tune detections and telemetry pipelines to support evolving SOC operational needs.
  • Make data-driven decisions about which telemetry sources should or should not be forwarded into the SIEM.
  • Execute engineering work in alignment with enterprise architecture standards while supporting iterative improvement and innovation.
  • Foster effective collaboration across organizational boundaries while respecting differing priorities and constraints.
  • Anticipate emerging technical requirements and prepare engineering capabilities to support future detection, analytics, and response needs.
  • Drive continuous improvement of engineering processes, support models, and platform resilience to advance SOC and enterprise cybersecurity maturity.
  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Engineering, or a related field; equivalent professional experience may be considered in lieu of a degree.
  • 6+ years of progressively responsible experience in cybersecurity engineering, security operations engineering, or related technical roles supporting enterprise security platforms.
  • At least 2 years’ experience developing or following engineering processes related to change management, configuration management, or operational support.
  • At least 2 years of experience leading, mentoring, or coordinating technical staff, including task prioritization and workload management.
  • Demonstrated experience designing, implementing, configuring, or maintaining security tooling such as SIEM, SOAR, security data platforms, detection systems, or threat intelligence platforms.
  • Demonstrated hands-on experience developing, tuning, and maintaining SIEM detections in a production SOC environment.
  • Experience authoring or operationalizing Sigma rules or equivalent structured detection logic.
  • Demonstrated experience selecting, filtering, or optimizing security telemetry to support detection and investigation outcomes.
  • Experience collaborating with cross-functional teams to support incident response, platform integration, or modernization initiatives.
  • Strong written and verbal communication skills sufficient to provide technical guidance to internal teams and enterprise stakeholders.

Nice To Haves

  • Relevant professional certifications such as CISSP, CCSP, cloud security certifications, or equivalent, preferred.

Responsibilities

  • Lead a cybersecurity engineering team with varying technical skill sets, balancing legacy platform support with the development of modern security engineering capabilities.
  • Ensure timely execution of assigned operational, project, and improvement activities.
  • Manage task assignments, workloads, and priorities to ensure effective delivery of engineering support for SOC operations and enterprise initiatives.
  • Mentor and develop engineering staff by providing technical guidance, performance feedback, and opportunities to build depth across security platforms and technologies.
  • Lead strategy and execution for the enterprise SOC tool stack, including SIEM, data lake, SOAR, detection, and threat intelligence platforms.
  • Own the technical lifecycle of SIEM detections, including creation, validation, tuning, versioning, deployment, and retirement, ensuring detections function as intended in production.
  • Ensure that security telemetry ingested from the Security Lake into the SIEM is intentionally scoped, operationally necessary, and optimized for detection and investigation use cases.
  • Support and maintain existing enterprise security consoles and centrally managed security solutions while planning and executing the transition to modernized, integrated SOC platforms.
  • Evaluate telemetry sources for signal value, redundancy, cost, and analytic usefulness, and remove or suppress data that does not materially support SOC operations.
  • Ensure high availability, performance, and reliability of security tooling and supporting infrastructure.
  • Oversee ingestion and retention of security telemetry to ensure data completeness, accuracy, and usability.
  • Validate telemetry fidelity and data quality to support effective detection, analytics, and threat-hunting activities.
  • Direct day-to-day engineering operations supporting SOC detection, response, and analytic workflows.
  • Manage configuration, integration, and lifecycle activities for security tools, ensuring alignment with enterprise architecture standards and security requirements.
  • Support troubleshooting, root-cause analysis, and remediation of tooling, data, or integration issues impacting SOC operations.
  • Coordinate engineering participation in incident response activities where tooling, telemetry, or platform expertise is required.
  • Coordinate with the SOC Manager to understand analyst requirements and ensure engineering efforts support operational workflows and priorities.
  • Partner with the Enterprise Architecture Team Lead to ensure engineering implementations align with approved architecture standards and modernization initiatives.
  • Collaborate with other cybersecurity, IT, and data teams to support enterprise integrations, interoperability, and modernization objectives.
  • Participate in cross-functional projects, providing engineering expertise while respecting the priorities and constraints of partner teams.
  • Drive continuous improvement of engineering processes, tooling reliability, and operational support models.
  • Identify gaps in detection coverage, telemetry, or tooling capabilities and propose technical solutions in coordination with architecture and SOC leadership.
  • Support development and maintenance of engineering documentation, runbooks, and standard operating procedures.
  • Contribute to SOC and enterprise cybersecurity maturity initiatives by improving platform resilience, scalability, and analytic enablement.
© 2024 Teal Labs, Inc