Security Operations Engineer

Lantern•Dallas, TX

4d•Hybrid

About The Position

Lantern is seeking a Security Operations Engineer who will help defend a healthcare organization operating at the intersection of patient care, claims data, and fast-moving cloud and AI workloads. You'll join a tight-knit security team that owns detection engineering, incident response, threat hunting, and the operational health of our security stack with real influence over how that stack evolves. On any given week, you might tune detections in the SIEM, MSSP on MDR escalations, push policy changes in EDR and NDR, harden Policies, validate Vulnerability findings, or operationalize new telemetry from ISP, DLP, and EDR. We're looking for someone with 4+ years of security operations experience who thinks like an engineer and operates like a hunter comfortable in Azure, fluent enough in Python or PowerShell to eliminate toil, curious enough to chase weak signals across cloud and endpoint logs, and disciplined enough to document what they build so the next person can extend it. You'll balance detection and response work with the automation and tuning that makes both faster, and you'll partner closely with GRC, IT, and legal to keep our HIPAA, HITRUST CSF v11, and SOC 2 Type II commitments meaningful in practice not just on paper. What we care about most is your judgment, your curiosity, and your willingness to make the team better than you found it.

Requirements

A minimum of 4+ years of experience in a Security Operations Center (SOC), IT security, or related security operations role
Hands-on experience with a SIEM platform (Sumo Logic, Splunk, Microsoft Sentinel, or equivalent); ability to write and tune detection queries
Proficiency with EDR platforms (CrowdStrike Falcon strongly preferred)
Working knowledge of network security fundamentals including firewalls, IDS/IPS, and network traffic analysis
Scripting proficiency in Python and/or PowerShell for automation and tool integration
Familiarity with cloud security concepts (Azure or AWS); experience investigating cloud-native log sources (Entra ID, Azure AD Sign-in Logs, CloudTrail, etc.)
Understanding of compliance-driven security operations in regulated environments (HIPAA, SOC 2, or HITRUST preferred)
Strong written communication skills for documentation, escalation, and stakeholder reporting
Exceptional interpersonal, organizational, and communication skills and ability to internalize and exemplify Lantern’s LIGHT Values.

Nice To Haves

Experience working in a mature SOC environment with defined playbooks and runbooks.
Familiarity with AI/agentic system risks including prompt injection, data exfiltration via AI interfaces, and audit log analysis for LLM-based tooling.
Experience with NDR platforms (Darktrace or equivalent)
Familiarity with DLP tools and PHI/PII investigation workflows
Exposure to vulnerability management programs (Tenable.io or equivalent)
Experience building CI/CD-integrated security automation (GitHub Actions, Azure DevOps)
Familiarity with MISP or other threat intelligence platforms
Experience with identity governance platforms (Saviynt, CyberArk, or equivalent)
Exposure to AI/ML workload security or API security monitoring
GCIA, GCIH, GCED, CySA+, or equivalent certifications
Security certifications such as CompTIA Security+, CySA+, SC-200, GCIA, or equivalent.
A continuous learning mindset with interest in emerging threats, AI/agentic system risks, and evolving security technologies.

Responsibilities

Monitor, triage, and investigate alerts across SIEM, EDR, NDR, and DLP platforms
Lead or support incident response activities including scoping, containment, eradication, and post-incident review in alignment with NIST SP 800-61r2
Develop, tune, and maintain detection rules, correlation queries, and behavioral models across the security stack
Conduct threat hunting exercises using structured methodologies (MITRE ATT&CK, hypothesis-driven)
Build and maintain security automation workflows to reduce manual triage and accelerate response (Python, PowerShell, GitHub Actions, REST APIs)
Integrate security tooling with ticketing and workflow platforms (Jira) for consistent case management and SLA tracking
Contribute to SOAR playbook development and refinement
Support vulnerability management operations including Tenable scan management, findings triage, and Jira-based remediation tracking
Maintain and optimize SIEM content, log pipelines, and data sources; ensure complete and accurate log ingestion from cloud, endpoint, network, and identity layers
Manage and tune EDR policies, exclusions, and response actions within CrowdStrike Falcon
Support DLP policy operations, including investigation support for policy violations
Maintain firewall log visibility and coordinate with network/infrastructure teams on Fortinet policy enforcement
Support evidence collection and control testing for HITRUST CSF v11 and SOC 2 Type II assessments
Contribute to security documentation including runbooks, playbooks, and operational procedures
Participate in tabletop exercises and contribute to lessons-learned outcomes
Support identity and access-related security reviews in collaboration with the IAM/infrastructure team
Monitor and investigate anomalous activity associated with AI agent infrastructure, API integrations, and LLM-based services
Contribute to security controls and detection coverage for AI workloads under the organization’s AI governance framework
Help develop behavioral baselines and detection logic specific to AI/agentic traffic patterns