SECURITY OPERATIONS CENTER ENGINEER - 72003907

State of Florida
1d | $80,000 - $105,000 | Onsite

About The Position

The SOC Engineer supports the design, maintenance, and continuous improvement of security engineering capabilities across the Florida Digital Service (FLDS). This role ensures the reliability, fidelity, and effectiveness of the Security Lake, telemetry pipelines, and related cybersecurity platforms that enable SOC operations. The SOC Engineer works closely with the Security Engineering Lead, other engineering staff, SOC Team Leads, and SOC Analysts to integrate log sources, tune sensors, maintain tool uptime, and support analytic workflows. This position ensures that the technical foundations required for threat detection, monitoring, and analysis remain accurate, efficient, and resilient.

Requirements

  • Understanding of cloud application platforms, cloud concepts, or cloud security fundamentals.
  • Understanding of database querying languages such as SQL.
  • Familiarity with logging pipeline concepts, including normalization, parsing, schema standards, and log source onboarding.
  • Familiarity with enterprise security tools, sensors, agents, or connectors (EDR, network sensors, cloud telemetry, etc.).
  • Knowledge of various industry-standard cybersecurity frameworks: NIST CSF 2.0 (Identify, Protect, Detect, Respond, Recover, and Govern); ISO 27001; CIS Controls Top 18.
  • Excellent analytical and technical skills.
  • Strong communication skills (oral and written) with the ability to communicate with all levels.
  • Ability to work collaboratively in a team supporting 24×7 operations.
  • Ability to research, interpret and prepare reports, presentations, and other documents.
  • Ability to manage time, prioritize and organize tasks, and work in a fast-paced environment.
  • Ability to read and interpret structured and unstructured data, including JSON, logs, and telemetry feeds.
  • At least three years of experience in cybersecurity, information technology, computer science, or a related field.
  • At least three years of experience administering or supporting Linux and/or Windows systems.
  • At least one year of technical experience in security engineering, system administration, cloud operations, or log/telemetry management.
  • At least one year of experience designing, implementing, securing, and/or troubleshooting complex enterprise (preferably cloud) networks.

Nice To Haves

  • Experience working with security logging or monitoring platforms (e.g., SIEM, XDR, cloud logging services).
  • Experience writing in scripting languages (e.g., Python, Bash, PowerShell) sufficient for automation or troubleshooting.
  • Understanding of OCSF schema standards.

Responsibilities

  • Maintain baseline configurations and assist with deployment and monitoring of tool integrations across Security Lake, Operations platform, CTI platform, and other enterprise security platforms.
  • Configure, tune, and validate sensors, agents, connectors, and ingestion pipelines to ensure consistent and accurate telemetry flow.
  • Troubleshoot ingestion issues, schema mismatches, logging failures, and other engineering problems affecting SOC operations.
  • Support coordination of engineering activities with the Security Engineering Lead and collaborate with SOC Team Leads to align engineering support with analyst needs.
  • Participate in briefings, interagency technical discussions, and enterprise coordination activities as assigned.
  • Collaborate across teams on cross-functional initiatives while ensuring engineering contributions align with shared objectives.
  • Monitor ingestion health, schema alignment, and event fidelity across AWS Security Lake and integrated log sources.
  • Validate telemetry accuracy and resolve gaps or inconsistencies reported by analysts or identified during engineering checks.
  • Ensure adherence to schema standards and normalization requirements for all data flowing into Security Lake.
  • Support onboarding, documentation, and lifecycle management of new log sources.
  • Ensure complete and accurate documentation of engineering work, including configuration changes, integrations, and troubleshooting procedures.
  • Analyze ingestion patterns, telemetry quality, and historical engineering issues to identify systemic weaknesses or opportunities for improved system performance.
  • Support continuous improvement by refining ingestion logic, engineering SOPs, and automation workflows.
  • Contribute to engineering performance measurement, maturity roadmap execution, and automation efforts as directed.
  • Provide engineering support to CSOC by addressing telemetry gaps, correcting ingestion issues, and optimizing data sources needed for monitoring and analysis.
  • Implement technical fixes based on analyst feedback, including adjustments to log sources, connectors, and system parameters.
  • Assist analysts by enabling access to logs, resolving ingestion or query issues, and ensuring the tools function consistently and effectively.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Education Level: No Education Listed
  • Number of Employees: 1,001-5,000 employees

© 2024 Teal Labs, Inc