Principal Cybersecurity Engineer

TopBuild Corp. – Daytona Beach, FL

About The Position

Are you looking for a career with an industry leader that drives the future of energy-efficient insulation and building material products? Is being part of a company that is recognized as a “Great Place to Work” of value to you? Look no further! At TopBuild, you will be part of a diverse and inclusive team that reflects our values of integrity and innovation by delivering solutions that make a difference in the communities we serve. Here, you are part of a company that rewards your contributions and encourages you to take ownership of your career.

We are hiring a highly experienced, hands-on cybersecurity engineer who can detect, investigate, and resolve security issues quickly, improve detection signal quality over time, and automate repeatable security operations at scale. This is an execution role with a broad technical scope and strong operational influence. The person in this role will be expected to own outcomes, improve security operations maturity, and operate effectively across incident response, detection engineering, DFIR, automation, and enterprise security tooling.

Requirements

  • 20+ years of progressive experience in cybersecurity, server infrastructure, and enterprise/data center operations.
  • Demonstrated experience in enterprise-scale and/or MSSP-scale security operations.
  • Experience supporting large environments, high asset counts, and high user populations.
  • Experience operating in regulated environments and working within established security/compliance frameworks.
  • Expert-level capability in Incident Response and Detection Engineering.
  • Deep hands-on expertise in: digital forensics / DFIR; threat detection and threat hunting; penetration testing; information systems management; malware analysis / malware reversing; security monitoring and triage optimization.
  • Strong evidence-driven investigation skills (log analysis, timeline creation, hypothesis testing, root cause analysis, defensible conclusions).
  • Expert-level experience with at least one of the following: CrowdStrike, Zscaler, ThreatLocker
  • Strong practical depth in enterprise EDR/EPP operations and tuning.
  • Strong experience with SIEM and/or SOAR platforms and security workflow/playbook development.
  • Strong hands-on experience with security operations platforms and tools, including multiple of the following: Splunk, ELK Stack, Microsoft Sentinel / Microsoft Defender, SentinelOne, Rapid7, Swimlane, D3 SOAR, Torq (or equivalent SOAR platforms), Darktrace, Tanium, Vectra, FireEye (or equivalent detection/response tooling), Volatility, Metasploit
  • Experience with playbook development, triage automation, and SOC workflow optimization.
  • Familiarity with MSSP operating models, escalation workflows, and service quality validation.
  • Strong understanding of SIEM, IDS/IPS, and cloud security solutions.
  • Firewall administration and/or strong working knowledge of enterprise firewall platforms and network security controls (Cisco, Fortinet, Palo Alto, or equivalent).
  • Strong automation capability using Python, PowerShell, Bash, and/or SOAR tooling.
  • Demonstrated experience designing or operating AI-enabled security workflows, including one or more of: LLM integration, retrieval-augmented generation (RAG), prompt engineering, agentic AI workflows, model evaluation, AI governance / AI security guardrails.
  • Ability to translate AI/automation capabilities into measurable improvements in security operations.
  • Working experience across one or more cloud environments: AWS, Azure, Oracle Cloud.
  • Strong Windows Server and Linux/UNIX systems knowledge.
  • Experience with Active Directory.
  • Experience with containers and modern platforms, including Docker and Kubernetes.
  • Ability to build or support integrations and automation in production environments.
  • Strong experience with Microsoft security, including: Defender for Office 365; Entra; Microsoft 365 / Exchange security.
  • Experience securing and operating Microsoft environments/tenants in enterprise settings.
  • Working knowledge of security and compliance frameworks/standards such as: NIST CSF 2.0, NIST SP 800-53 / NIST SP 800 series, CMMC, PCI DSS, CIS Benchmarks.
  • Demonstrated experience mentoring analysts/engineers and improving operational maturity.
  • Experience managing or influencing cross-functional efforts and external vendors/partners.
  • Strong written communication (incident notes, post-incident summaries, remediation guidance).
  • Strong operational discipline and follow-through.
  • Low-ego, high-collaboration working style; calm under pressure.
  • Hands-on, execution-focused mindset (this is not an architect-only role).
  • Must demonstrate a strong work ethic, ownership mindset, and unwavering tenacity and desire to solve difficult problems.

Responsibilities

Incident Response, DFIR, and Threat Mitigation

  • Lead complex incident investigations end-to-end, including triage, scoping, containment, eradication, remediation, and post-incident follow-up.
  • Perform root cause analysis and define preventive control improvements.
  • Conduct and/or lead digital forensics and malware analysis activities, including sandboxed analysis when appropriate.
  • Perform advanced threat hunting across endpoint, identity, network, email, and cloud telemetry.
  • Coordinate response efforts across internal teams and MSSP partners to ensure timely escalation, containment, and resolution.
  • Participate in the on-call rotation: one week of standby in every five, responding to high-severity alerts.
Detection Engineering and Security Monitoring Optimization

  • Build, tune, and improve detections across SIEM, EDR/EPP, email security, identity, network, and cloud platforms.
  • Reduce false positives and improve signal quality through data-driven tuning and use-case development.
  • Design and optimize security data flows, triage pipelines, and alert enrichment.
  • Integrate and tune threat intelligence inputs to improve detection and response outcomes.
Security Automation and AI-Enabled Security Operations

  • Design, build, and maintain security automation using scripting, SOAR, integrations, and cloud/serverless components.
  • Develop automations that materially reduce manual effort and improve response speed, consistency, and analyst effectiveness.
  • Build and support AI-assisted security workflows (e.g., LLM-enabled triage, retrieval workflows, analyst augmentation) in secure environments.
  • Implement and maintain AI guardrails, output validation, model evaluation, and governance controls for AI-enabled security operations.
  • Ensure automation and AI outputs are safe, auditable, and reliable for production use.
Security Tooling, Endpoint, and Network Security Engineering

  • Optimize and operate EDR/EPP platforms to improve visibility, detection quality, and response actions.
  • Fine-tune security controls across SIEM, EDR, firewall, IDS/IPS, proxy, and related platforms.
  • Review and optimize firewall policies/rules, segmentation, VPN controls, and related network security controls.
  • Support security control reviews and hardening aligned to enterprise risk requirements.
Operations Leadership and Technical Influence

  • Act as a senior technical liaison with MSSP partners, validating escalations, triage quality, and response outcomes.
  • Improve SOC workflows, playbooks, and operational handoffs.
  • Mentor junior analysts and engineers.
  • Contribute to security architecture discussions and design reviews while remaining hands-on and execution-focused.
© 2024 Teal Labs, Inc