Security Operations Engineer

About The Position

Requirements

• 5 Years Required SOC operations experience
• 5 Years Required Hands‑on experience with IDS/IPS platforms, specifically Cisco Firepower and TippingPoint, including signature tuning, false‑positive reduction, and threat‑driven detection improvements.
• 5 Years Required Advanced packet capture (pcap) and network analysis skills using Corelight, NetWitness, and CRIBL pipelines to identify anomalies, malicious traffic, and lateral movement.
• 5 Years Required Experience maintaining and tuning EDR platforms, including CrowdStrike Falcon and SentinelOne, and integrating EDR telemetry into SIEM and orchestration workflows.
• 5 Years Required Threat intelligence application expertise
• 5 Years Required Develop detection logic aligned with adversary TTPs

Nice To Haves

• 6 Preferred Experience operationalizing threat intelligence by converting indicators and TTPs from Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant into SIEM rules, IPS signatures, and automated enrichment logic.
• 5 Preferred Experience operationalizing threat intelligence by converting indicators and TTPs from Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant into SIEM rules, IPS signatures, and automated enrichment logic.
• 5 Preferred Perform packet-level analysis to validate alerts and identify malicious activity
• 5 Preferred Serves as an escalation SOC analysts to support other SOC analyst and incident responders with enriched network-level intelligence
• 5 Preferred Proficiency with Google SecOps and Cyware (SOAR) orchestration, including building automated workflows that integrate SIEM, IDS/IPS, EDR (CrowdStrike, SentinelOne), threat intelligence, and Jira ticketing for SOC automation
• 4 Preferred Security Certifications Preferred (CISSP, CEH, GISF, GSEC, CySA+, Sec+)

Responsibilities

• Engineer, maintain, and tune SIEM platforms (Google SecOps, Gravwell), including correlation rules, dashboards, enrichment logic, and detection content.
• Configure, tune, and optimize IDS/IPS technologies (Corelight, Tipping Point, Cisco Firepower), including signature development and false-positive reduction.
• Perform packet capture (pcap) analysis to validate alerts, identify malicious traffic, and support investigations using Netwitness or Corelight.
• Conduct network traffic analysis to detect anomalies, lateral movement, and command‑and‑control activity.
• Strong understanding of network security architecture, including distributed sensors (Corelight), packet capture systems (NetWitness), and log pipelines (CRIBL, Gravwell, Google SecOps).
• Operationalize threat intelligence feeds within SOC platforms and customers, converting indicators into detection logic, correlation rules, and automated enrichment workflows.
• Continuously tune detection content based on intelligence‑driven insights, improving alert fidelity and reducing false positives across statewide monitoring.
• Develop and maintain orchestration playbooks within Cyware, integrating SIEM, EDR, threat intelligence, and ticketing systems to support statewide monitoring expansion and rapid incident handling.
• Support SOC operations by providing detection engineering, log onboarding, and data normalization.
• Develop and maintain network security monitoring infrastructure, including sensors, collectors, and log pipelines.
• Collaborate with Incident Responders to provide network‑level evidence, context, and threat validation.
• Produce engineering reports, tuning documentation, and platform health assessments.
• Implement detection logic aligned with MITRE ATT&CK, threat intelligence, and emerging adversary behaviors.
• Produce engineering documentation, tuning reports, platform health assessments, and detection coverage maps using data from Firepower, TippingPoint, Corelight, NetWitness, Microsoft Sentinel, and Google SecOps

Benefits

• medical insurance (TGL shares a percentage of the cost)
• life insurance
• a matching 401(k) plan
• a cafeteria plan