Consulting/Principal Security Engineer

About The Position

Requirements

• 10+ years of IT security experience, including significant incident response leadership in enterprise environments
• BS Engineering/Computer Science or equivalent experience required
• Advanced knowledge of modern security operations environments, including hybrid enterprise architectures and common attack paths.
• Demonstrated experience leading incident response activities across complex hybrid environments, including on-premises infrastructure and multi-cloud platforms (AWS, Azure, GCP).
• Strong hands-on experience engineering detections, telemetry, and monitoring solutions within AWS (e.g., CloudTrail, GuardDuty, VPC Flow Logs, and related services).
• Expertise in incident command practices: severity assessment, stakeholder coordination, containment strategies, evidence handling, eradication and recovery planning, and post-incident review.
• Strong ability to monitor, triage, and investigate security events; apply structured analysis for anomalous activity and adversary behaviors.
• Experience with enterprise logging and telemetry pipelines, log onboarding strategies, and data quality expectations (coverage, fidelity, retention).
• Experience improving detection quality and signal-to-noise (e.g., tuning, suppression, enrichment, validation, and feedback loops).
• Working knowledge of identity and access security concepts (SSO/MFA, privileged access, conditional access) and identity-driven attack patterns and detections.
• Understanding of compliance and governance initiatives and the ability to translate requirements into operational controls, procedures, and evidence.
• Vulnerability and exposure understanding sufficient to prioritize response actions (active exploitation, blast radius, compensating controls) and guide remediation.
• Familiarity with automation/SOAR concepts and scripting for investigation and response workflows (e.g., Python/PowerShell or equivalent).
• Ability to develop and implement incident response programs with measurable outcomes (response readiness, containment speed, detection coverage, exercise cadence).
• Strong organization/project planning, time management, and change management skills across multiple functional groups and departments, including prioritizing work during incident conditions.
• Advanced problem-solving experience involving leading teams in identifying, researching, and coordinating resources necessary to troubleshoot/diagnose complex issues; success translating findings into options/solutions; identifying risks/impacts and schedule adjustments to facilitate management decision-making.
• Advanced communication (verbal and written) and customer service skills, including the ability to brief senior/executive leadership with clear, concise, decision-oriented updates.

Nice To Haves

• advanced degree preferred
• incident handling/forensics-focused certifications (e.g., GCIH, GCFA or equivalent)
• cloud security certification(s) (AWS/Azure/GCP)

Responsibilities

• Serve as the senior incident commander and technical lead for high-severity incidents; drive structured triage, containment, eradication, and recovery across the enterprise.
• Lead and coordinate incident response efforts for high-severity events spanning hybrid and multi-cloud environments (on-prem, AWS, Azure, GCP), ensuring effective containment, eradication, and recovery.
• Own and continuously improve the incident response program: playbooks/runbooks, severity definitions, escalation paths, on-call expectations, evidence handling standards, and crisis communications patterns.
• Plan, run, and mature readiness activities including tabletop exercises and cyber range events; define objectives, measure outcomes, and ensure follow-through on remediation actions.
• Own after-action governance: facilitate post-incident reviews, establish root cause and contributing-factor analysis, drive corrective action plans, and track closure to completion (closed-loop improvement).
• Lead analysis and review of security events for anomalous activity; collaborate with peer groups to take appropriate action to safeguard company information assets against current and foreseen threats.
• Drive improvements to detection, investigation, and response processes through lessons learned, measurable corrective actions, and operational performance metrics.
• Drive the design, implementation, and continuous improvement of detection engineering and monitoring capabilities within AWS environments.
• Partner with infrastructure, cloud, endpoint, identity, and application teams to ensure response-ready logging, telemetry, and access to required investigative data sources.
• Provide guidance for threat-informed mitigation and hardening activities resulting from incidents (e.g., containment controls, identity protections, logging improvements, segmentation, credential hygiene).
• Communicate incident status, impact, and risk in executive-ready written and verbal updates; produce high-quality incident summaries and post-incident reports.
• Support compliance and governance efforts by operationalizing response procedures, documenting evidence, and ensuring repeatable execution aligned to policy and regulatory expectations.
• Assist with reviewing tools, applications, and processes to strengthen and optimize current incident response and detection capabilities, identify gaps, and recommend practical solutions to enhance effectiveness.
• Assess and measure incident response program effectiveness to ensure closed-loop operations (e.g., readiness/exercise cadence, time-to-contain, repeat incident reduction, detection coverage and quality).
• All other duties as assigned.

Benefits

• annual incentive bonus