Principal AI SOC Engineer

About The Position

Requirements

• 8–12 years of hands-on experience in enterprise IT engineering, with expertise spanning cybersecurity, cloud platforms, SecOps, AI/ML, and emerging technologies.
• 3–5 years of direct SOC engineering experience, including designing, building, and optimizing SOC tooling, with at least 2 years supporting federal SOC environments (civilian agencies, DoD, Intelligence Community, or federal law enforcement).
• 3+ years of hands-on experience applying AI/ML techniques to cybersecurity or operational systems, including building AI-enabled security workflows for alert enrichment, triage, detection engineering, or automated response.
• 2+ years of practical experience working with LLMs or GenAI systems in production or near-production environments, including RAG pipelines or LLM-integrated automation for SOC use cases.
• Strong experience with SOC automation, orchestration, and playbook design, including API-driven integrations and engineering detection, correlation, and response pipelines.
• Demonstrated ability to collaborate effectively with a team of engineers, setting technical strategy, reviewing designs, and fostering best practices in SOC, cloud, and AI/ML engineering initiatives.

Nice To Haves

• Experience with Google Cloud Platform (GCP), including Google SecOps and Vertex AI for ML/GenAI use cases.
• Google Professional Certifications: Cloud Security Engineer, Cloud Security Architect, Machine Learning Engineer.
• SECRET clearance eligible (active clearance not required)

Responsibilities

• Support design and engineer AI-powered SOC capabilities that improve analyst efficiency, reduce alert fatigue, and accelerate detection and response.
• Partner with engineers and developers to deliver SOC and automation solutions, setting a high technical bar through hands-on contribution and shared ownership.
• Apply AI/ML and GenAI techniques to SOC engineering problems, including alert enrichment, prioritization, correlation, and automated response.
• Build and evolve detection and response pipelines across SIEM, SOAR, EDR, and cloud security platforms.
• Engineer solutions across SIEM and SOAR platforms, including Elastic, Splunk, Azure or SecOps with a tool-agnostic mindset.
• Integrate Google SecOps and GCP-native services where appropriate to enhance detection, visibility, and response.
• Support design of scalable SOC architectures that support high-volume telemetry and real-time operational workflows.
• Build and maintain strong SOC automation using SOAR, custom services, and AI-driven decisioning.
• Improve SOC velocity and throughput by automating repetitive analyst tasks and standardizing response patterns.
• Engineer workflows that translate detections into actionable, automated outcomes across security and infrastructure controls.
• Own and groom the engineering backlog; prioritize, design, and ship production-ready solutions.
• Translate user stories and operational requirements into concrete technical designs and implementations.
• Set engineering standards and patterns for AI-enabled SOC capabilities across the organization.

Benefits

• Health/Dental/Vision
• 401(k) match
• Paid Time Off
• STD/LTD/Life Insurance
• Referral Bonuses
• professional development reimbursement
• parental leave