Security Analyst/Engineer

Limbach Holdings, Inc., Warrington, PA
$120,000 - $130,000

About The Position

As Security Analyst / Engineer, you will serve as the organization's primary, hands-on security operations lead. Reporting directly to the CIO, you will triage SOC outputs, tune detection logic, drive automated response through SOAR playbooks, own the vulnerability management lifecycle, and lead incident response from detection through remediation and post-incident lessons learned. You will act as a trusted partner to our outsourced SOC, the quarterback for IR, and the technical voice to the CIO and Board on operational security posture, working closely with our IT Operations leader. Some examples of the work you might do are listed under Responsibilities below.

Requirements

  • 5+ years of progressive, hands-on cybersecurity experience, with significant time spent in SOC and incident response environments.
  • Demonstrated expertise with SIEM and SOAR platforms (Google Chronicle, GrayMatter, Chronicle SOAR, or comparable).
  • Proven track record managing EDR/MDR/XDR solutions and performing endpoint investigations.
  • Hands-on experience owning vulnerability programs with Rapid7, Tenable.io, or similar tooling.
  • Experience writing detection logic, playbooks, and incident runbooks; demonstrable success in alert tuning and automation.
  • Real-world experience coordinating cross-functional incident response activities and driving remediation to completion.
  • Scripting and automation skills (PowerShell, Python, Bash) to automate enrichment, containment, and evidence collection.
  • Strong Windows and Linux administration/forensics fundamentals; network fundamentals and packet-level troubleshooting.
  • Familiarity with cloud security (Azure, Microsoft 365, Intune, Conditional Access) and endpoint management tools.
  • Knowledge of security controls, hardening standards, and configuration baselines.
  • Ability to read and interpret logs and telemetry across endpoints, network devices, and cloud services.
  • Superior written and verbal communication; able to explain technical findings to non-technical and executive audiences.
  • Decisive under pressure, methodical in evidence collection, and disciplined in documentation.
  • Collaborative, tactful, and experienced at working with cross-functional teams (IT ops, HR, Legal, vendor partners).
  • Strong project management and organizational skills with an eye for measurable outcomes.
  • Ability to travel up to 15% of the time.

Nice To Haves

  • Certifications: CISSP, GCIH, GCFA, ECIH, or Security+ (or equivalent).
  • Prior role as a dedicated incident responder or IR team lead.
  • Experience with Microsoft Defender for Endpoint, Azure Security Center, and native cloud telemetry.
  • Familiarity with compliance frameworks (SOC 2, NIST CSF/800-171, ISO 27001) and how detection/IR maps to them.
  • Experience in multi-site enterprise environments and with M&A integration security.

Responsibilities

  • Security Operations & Monitoring: Serves as the primary liaison to our outsourced SOC and vCISO. Triages, validates, and prioritizes alerts from the SIEM (e.g., Google Chronicle, GrayMatter, or equivalent). Ensures log integrity, enrichment, and actionable alerting.
  • SOAR & Automation: Builds, maintains, and iterates SOAR playbooks (Google SOAR or comparable) to automate containment, enrichment, and evidence collection; lowers MTTR by automating low-risk actions while preserving human judgment for high-impact events.
  • Incident Response: Leads detection → containment → eradication → recovery workflows. Owns post-incident reviews, creates remediation roadmaps, and tracks closure of corrective actions. Conducts regular tabletop exercises and maintains IR runbooks and escalation paths.
  • EDR/MDR/XDR Management: Administers and tunes EDR/MDR/XDR platforms (deployment health, telemetry, detection rules, containment capabilities). Investigates endpoint events, performs root cause analysis, and coordinates remediation with IT operations.
  • Vulnerability Management: Operates the vulnerability management program (Rapid7, Tenable.io, or equivalent): schedules scans, triages findings, prioritizes by risk and asset criticality, and shepherds remediation with engineering teams. Proposes and verifies system hardening measures and baselines.
  • Detection Engineering: Authors correlation rules, analytic searches, and detection content; reduces false positives while increasing meaningful detections. Builds dashboards and KPIs that communicate detection coverage and efficacy.
  • M&A & Integration Security: Leads security due diligence and integration activities for acquisitions: identity and access reviews, vulnerability scans, endpoint posture checks, and integration playbooks to onboard new entities into Limbach's security baselines.
  • Training & Knowledge Transfer: Develops and delivers IR and detection training for IT and business teams. Produces clear operational documentation, SOPs, and playbooks. Coaches SOC engineers and champions continuous improvement.
  • Reporting & Executive Communication: Produces monthly operational and executive risk reports (incidents, vulnerability trends, MTTR, coverage gaps). Briefs the CIO and Board with concise risk-based recommendations.
  • Third-Party Coordination: Manages relationships and SLAs with MDR/MSSP providers, forensic firms, and other security partners.

Benefits

  • Base salary range of $120K - $130K
  • Full portfolio of medical, dental, and vision benefits, along with 401K plan and company match.
  • HSA, FSA, and life insurance offerings.
  • Maximize your professional development with our award-winning Learning & Engagement team.
  • Engage in our "We Care" culture through our ERGs, brought to you by EMBRACE.
  • Career pathing flexibility and mobility.


What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Industry: Specialty Trade Contractors
  • Education Level: No Education Listed
  • Number of Employees: 1,001-5,000 employees

© 2024 Teal Labs, Inc