Remediation Security Engineer

About The Position

Requirements

• Bachelor’s degree or four or more years of relevant work experience.
• Three or more years of experience in Security Intelligence, Technical Writing, or Root Cause Analysis.
• Experience with Verification & Validation (V&V) processes—specifically, the ability to test and confirm that a security control is performing its intended function.
• Strong understanding of the MITRE ATT&CK framework and the ability to map adversary behaviors to defensive controls.
• Proficiency in pivoting and asset correlation to identify Shared Technical Vulnerabilities across complex network environments.
• Experience documenting technical workflows and SOP frameworks for security operations.

Nice To Haves

• Security certifications such as GIAC Cyber Threat Intelligence, CISSP, CISA, or CompTIA Security+.
• Background in Offensive Security (Red/Purple Teaming) to better facilitate the translation of TTPs into defensive guidance.
• Experience with the MITRE ATT&CK framework to map remediation efforts to specific adversarial behaviors.
• Experience with Splunk or other SIEM tools to verify that remediation efforts are properly reflected in security telemetry.
• A "proactive mindset"—the ability to look past a single bug to find the broken process or architectural flaw that allowed it to exist.
• Strong technical writing skills focused on creating engineering blueprints and clear system standards.

Responsibilities

• Drive Systemic Root Cause Analysis (RCA): Lead deep-dive investigations into recurring vulnerability classifications to identify systemic design flaws.
• Lead Investigative Threat Research & Pivoting: When a compromised asset is identified, perform technical correlation to determine if related infrastructure, subnets, or technically congruent stacks are also exposed. You will pivot from known indicators to identify secondary vulnerabilities across the network.
• Identify Shared Technical Vulnerabilities: Leverage external intelligence and internal data correlation to identify assets that mirror the technical configuration and exploitability of originally compromised targets, providing Defense teams with an expanded scope for remediation.
• Translate Offensive Intelligence: Partner with Red, Purple, and Pen Test teams to translate 100% of validated TTPs into actionable mitigation strategies mapped to the MITRE ATT&CK framework.
• Author Security Blueprints & Guardrails: Draft a suite of "Secure-by-Default" hardening guides and templates, using trend data to define high-end technical security standards.
• Advocate for Preventive Controls: Provide high-level technical guidance to inform the development of tactical playbooks and lower-level hardening guides, ensuring security is baked into the foundation of the network.
• Verification & Validation (V&V): Perform rigorous post-remediation testing to confirm that security fixes are implemented correctly and function as intended. You will "trust but verify" by using direct security testing to validate remediation claims.

Benefits

• medical
• dental
• vision
• short and long term disability
• basic life insurance
• supplemental life insurance
• AD&D insurance
• identity theft protection
• pet insurance
• group home & auto insurance
• matched 401(k) savings plan
• up to 8 company paid holidays per year
• up to 6 personal days per year
• paid parental leave
• adoption assistance
• tuition assistance
• premium pay such as overtime, shift differential, holiday pay, allowances
• up to 15 days of vacation per year