Security Operations Engineer

Gridware, San Francisco, CA

About The Position

We are seeking a Security Operations Engineer to help safeguard and scale the security of our cloud-first environment. You will be part of a collaborative team focused on building resilient, automated, and well-monitored systems that protect critical infrastructure. In this role, you will enhance our detection and response capabilities, strengthen identity and access controls, and continuously improve the processes that keep our systems secure and reliable. You will work closely with engineering, IT, and infrastructure teams to embed security best practices into everything we build and operate. This position is ideal for a hands-on security professional who thrives on solving complex problems, improving visibility across environments, and enabling teams to move quickly without compromising safety.

Requirements

  • 3–5 years of experience in security operations, incident response, or a Security Operations Center (SOC) environment
  • Strong understanding of threat detection, analysis, and response workflows across cloud and enterprise environments
  • Hands-on experience managing and tuning endpoint detection and response (EDR) and Security Information and Event Management (SIEM) platforms
  • Ability to craft detection and hunting queries in log/search languages (for example, KQL, SPL, or SQL-like languages)
  • Familiarity with identity and access management concepts, including conditional access, role-based access control, and least-privilege models
  • Working knowledge of cloud security principles and modern infrastructure environments (AWS, Azure, or equivalent)
  • Proficiency in at least one scripting or automation language (Python, PowerShell, or similar) for automating operational tasks
  • Understanding of vulnerability management processes, from discovery to remediation coordination
  • Awareness of common frameworks and standards such as NIST, CIS, or ISO 27001, and how they apply to operational security
  • Strong analytical mindset and ability to distinguish real threats from noise in large data sets
  • A proactive, detail-oriented approach to problem-solving and a passion for continuous improvement in security operations

Nice To Haves

  • Exposure to security automation and orchestration platforms (SOAR) or custom response scripting
  • Familiarity with cloud security posture management (CSPM) or cloud-native threat detection tools and how they integrate with centralized monitoring and response workflows
  • Experience leveraging threat intelligence to enhance detection rules, enrich alerts, and improve response playbooks
  • Familiarity with mapping detections and incidents to the MITRE ATT&CK framework

Responsibilities

  • Lead and support security incident response activities, including triage, investigation, containment, and post-incident review
  • Analyze and triage alerts from multiple security data sources including EDR, SIEM, and network telemetry to distinguish false positives from legitimate threats and ensure timely escalation when necessary
  • Manage and tune endpoint detection and response (EDR) platforms to ensure comprehensive coverage and timely, actionable alerts
  • Configure, optimize, and maintain SIEM tools to improve log visibility, rule accuracy, and correlation logic
  • Contribute to threat detection engineering by developing and refining correlation rules, detection logic, and response playbooks based on emerging tactics, techniques, and procedures (TTPs)
  • Implement and maintain identity and access management controls, including conditional access policies and enforcement of least privilege
  • Automate recurring security operations tasks through scripting and integrations across monitoring, alerting, and response tools
  • Identify and assess vulnerabilities, coordinate remediation efforts with stakeholders, and track closure of findings
  • Contribute to policy and compliance initiatives, helping to align operations with internal standards and external frameworks
  • Continuously improve operational efficiency and incident readiness through documentation, playbook development, and tool optimization
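The detection-engineering and alert-triage responsibilities above (threshold rules, tuning out known noise, and mapping a detection to MITRE ATT&CK) are the kind of thing the role is asking for in practice. The following is an added example, not Gridware's code or detection content: a small rule that fires when one source racks up a burst of failed logins for an account and then succeeds, run over constructed sample log lines. The log format, the threshold and window values, the allowlisted scanner host, and the function names are all assumptions chosen for illustration.

```python
"""Threshold detection with tuning: N failed logins from one source for one
account, followed by a success for that account from the same source, inside
a sliding window. Added example; not Gridware's code. The log format,
threshold, window and allowlist below are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not real logs).
# Assumed format: "<ISO-8601 UTC timestamp> <source IP> <username> <outcome>".
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.7 alice FAIL
2024-05-01T10:00:03Z 203.0.113.7 alice FAIL
2024-05-01T10:00:04Z 203.0.113.7 alice FAIL
2024-05-01T10:00:06Z 203.0.113.7 alice FAIL
2024-05-01T10:00:07Z 203.0.113.7 alice FAIL
2024-05-01T10:00:09Z 203.0.113.7 alice SUCCESS
2024-05-01T10:05:00Z 198.51.100.4 bob FAIL
2024-05-01T10:05:30Z 198.51.100.4 bob SUCCESS
2024-05-01T10:10:00Z 10.0.0.5 svc-scan FAIL
2024-05-01T10:10:01Z 10.0.0.5 svc-scan FAIL
2024-05-01T10:10:02Z 10.0.0.5 svc-scan FAIL
2024-05-01T10:10:03Z 10.0.0.5 svc-scan FAIL
2024-05-01T10:10:04Z 10.0.0.5 svc-scan FAIL
2024-05-01T10:10:05Z 10.0.0.5 svc-scan FAIL
2024-05-01T10:10:06Z 10.0.0.5 svc-scan SUCCESS
2024-05-01T11:30:00Z 203.0.113.7 alice FAIL
2024-05-01T11:30:02Z 203.0.113.7 alice FAIL
2024-05-01T11:30:04Z 203.0.113.7 alice FAIL
2024-05-01T11:30:06Z 203.0.113.7 alice FAIL
2024-05-01T11:30:08Z 203.0.113.7 alice FAIL
2024-05-01T11:30:09Z 203.0.113.7 alice FAIL
"""

WINDOW = timedelta(minutes=5)  # assumed sliding window
FAIL_THRESHOLD = 5             # assumed: failures required before the success
# Assumed allowlist: an internal host doing authorized credential checks.
# Suppressing known noise at the source is what keeps the rule actionable.
ALLOWLIST = {"10.0.0.5"}


def parse_event(line):
    """Parse one log line into a dict; raises ValueError on malformed input."""
    ts, ip, user, outcome = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "ip": ip,
        "user": user,
        "outcome": outcome,
    }


def detect_bruteforce_success(lines, threshold=FAIL_THRESHOLD,
                              window=WINDOW, allowlist=ALLOWLIST):
    """Return one alert per (source IP, user) pair whose success was preceded
    by at least `threshold` failures within `window`. Events are sorted by
    time first so out-of-order log delivery does not break the window logic."""
    events = sorted((parse_event(l) for l in lines if l.strip()),
                    key=lambda e: e["ts"])
    fails = defaultdict(list)  # (ip, user) -> timestamps of recent failures
    alerts = []
    for ev in events:
        if ev["ip"] in allowlist:
            continue
        key = (ev["ip"], ev["user"])
        # Keep only failures that are still inside the sliding window.
        fails[key] = [t for t in fails[key] if ev["ts"] - t <= window]
        if ev["outcome"] == "FAIL":
            fails[key].append(ev["ts"])
        elif ev["outcome"] == "SUCCESS":
            if len(fails[key]) >= threshold:
                alerts.append({
                    "source_ip": ev["ip"],
                    "user": ev["user"],
                    "fail_count": len(fails[key]),
                    "first_fail": fails[key][0].isoformat(),
                    "success_at": ev["ts"].isoformat(),
                    # ATT&CK: Brute Force, then use of the obtained account.
                    "attack_techniques": ["T1110", "T1078"],
                    "severity": "high",
                })
            fails[key] = []  # a success (alerted or not) resets the counter
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce_success(SAMPLE_LOG.splitlines()):
        print(alert)
```

With the defaults this yields a single alert for `alice` from 203.0.113.7. The `bob` login (one failure) stays quiet, the allowlisted scanner is skipped even though it matches the pattern, and the later failed-only burst against `alice` does not fire because the rule deliberately keys on the success; a failed-only burst would be a separate, lower-severity rule. Passing `allowlist=set()` or `threshold=1` shows how each tuning knob changes the alert volume.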

Benefits

  • Health, Dental & Vision (Gold and Platinum plans with some providers fully covered)
  • Paid parental leave
  • Alternating day off (every other Monday)
  • “Off the Grid”, a two-week paid break each year for all employees
  • Commuter allowance
  • Company-paid training


What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Education Level: No Education Listed
  • Number of Employees: 51-100 employees

© 2024 Teal Labs, Inc