Senior Cybersecurity Operations Engineer - AI

Bread Financial
Chadds Ford Township, PA
$97,900 - $221,800
Hybrid

About The Position

The Senior Cybersecurity Operations Engineer - AI serves as a senior technical leader within the Cybersecurity Operations Center, focused on advancing detection engineering, automated response, and threat intelligence capabilities to defend critical information assets. This role is responsible for designing, developing, and continuously improving high-fidelity detections across enterprise telemetry, as well as engineering automated response workflows that reduce response times and operational burden. Building on a strong foundation in security engineering, this individual will champion modern CSOC practices including detection-as-code, threat-informed defense, and the integration of AI and agentic workflows to optimize alert triage, enrichment, and incident response. The Sr. Engineer partners closely with cross-functional teams across infrastructure, cloud, identity, and application domains to ensure visibility, coverage, and coordinated response to evolving threats. As a subject matter expert, this role drives innovation in CSOC operations, translates threat intelligence into actionable detections and hunts, and continuously measures and improves detection effectiveness. The position also serves as a mentor to junior engineers and analysts, fostering technical growth and promoting scalable, repeatable security operations processes.

Requirements

  • Four or more years of experience in Information Security or Infrastructure.
  • Intermediate to expert level knowledge of IT tools and practices including, but not limited to: Networking, LDAP Directories, Vulnerability/Patch Management, Change Management, Incident Management, Server and Desktop Management, Mainframe Technologies, Encryption and Key Management, Cloud Architecture and Computing, Software Application General Computing Controls, Business Continuity/Disaster Recovery, Software Development Lifecycle, Access Management, and Cyber Security Tools (Security Incident Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), Data Loss Prevention (DLP), Intrusion Detection System (IDS), Intrusion Prevention System (IPS), End User Behavioral Analytics (EUBA), Web Application Firewall (WAF), Network Access Control (NAC), Privileged Access Management (PAM), Endpoint Detection Response (EDR)).
  • Broad range of skills with different technical platforms (firewalls, servers, workstations, networks, storage, security, Internet and cloud (SaaS / IaaS / PaaS) technologies).
  • Working understanding of NIST security standards, PCI DSS and SOX controls.
  • Detection Engineering and Analytics: writing high-signal detections using SPL, KQL, EQL, Lucene, Sigma, or equivalent query languages.
  • Behavior-based detection design, including correlation, baselining, anomaly, and sequence detection.
  • Alert tuning, suppression, allowlisting, and noise reduction.
  • Data modeling, normalization, field extraction, parsing, and enrichment strategies.
  • Detection coverage mapping to MITRE ATT&CK and kill chain concepts.
  • Automation, SOAR, and Response Engineering: building SOAR playbooks and automated response actions with approval gates and safe failure modes.
  • Integrations via REST APIs, webhooks, message queues, and event-driven designs.
  • Case management, ticketing integration, and automated evidence collection.
  • Automated containment actions: disable accounts, revoke sessions, isolate endpoints, block indicators, quarantine email, update firewall rules.
  • Threat Intelligence and Hunting: converting TI into actionable detections, hunts, enrichment, and prioritized response steps.
  • IOC lifecycle management, confidence scoring, and expiration handling.
  • Familiarity with STIX/TAXII, MISP, OpenCTI, and TI feeds.
  • Threat hunting methodologies, hypothesis-driven hunting, and translating hunts into detections.
  • AI and Agentic SOC Operations: designing AI-assisted workflows for triage, summarization, correlation, and recommendation.
  • Building agentic workflows with human approvals, audit trails, and policy guardrails.
  • Prompt engineering fundamentals for security workflows and retrieval-augmented approaches.
  • Evaluating AI outputs for accuracy, bias, and safety, including fallback procedures.
  • Platforms and Telemetry: SIEM administration fundamentals and search performance optimization.
  • Endpoint telemetry and EDR concepts: process trees, persistence, lateral movement, and malware tradecraft.
  • Identity telemetry: authentication events, conditional access, privilege changes, and OAuth abuse.
  • Cloud telemetry: audit logs, IAM events, workload signals, and network flow logs.
  • Engineering Practices: scripting and automation using Python and PowerShell.
  • Infrastructure as code concepts and configuration management practices.
  • Git, version control, code review, and CI/CD for detection and automation content.
  • Documentation practices for runbooks, playbooks, and detection intent and testing.
  • Communication and Operations: incident handling and escalation judgment.
  • Writing clear, analyst-friendly detection documentation and response instructions.
  • Operational maturity mindset: continuous improvement, post-incident reviews, and backlog prioritization.
  • Cross-functional collaboration and influencing without authority.

Nice To Haves

  • Bachelor’s or equivalent experience in Computer Science, Networking or Information Technology
  • Certification: Security+, Network+, CISSP, SSCP, CCSP
  • Five or more years of experience in Information Security or Infrastructure.
  • 5+ years in SOC, detection engineering, threat detection, or security engineering roles
  • Demonstrated ownership of detection lifecycle: ideation, development, tuning, deployment, validation, and continuous improvement.
  • Hands-on experience building and maintaining detections in one or more SIEM platforms (Splunk, CrowdStrike Next-Gen SIEM, Palo Alto XSIAM).
  • Proven experience onboarding and normalizing logs across endpoint, identity, cloud, network, and application sources.
  • Experience managing detections using Git-based workflows, code review, branching strategies, and CI/CD principles.
  • Familiarity with testing frameworks for detections (unit testing logic, regression testing, synthetic event generation, and controlled replay).
  • 3+ years designing and implementing SOAR playbooks and response automations (Cortex XSOAR, Splunk SOAR).
  • Demonstrated success reducing mean time to detect and respond through automation and orchestration.
  • Experience translating intelligence into practical outcomes such as detections, hunts, enrichment, and response actions.
  • Familiarity with TI platforms and standards (MISP, OpenCTI, STIX/TAXII) and integrating TI into SIEM and SOAR workflows.
  • Strong experience mapping detections and response playbooks to MITRE ATT&CK.
  • Experience building behavior-based detections that reduce reliance on static indicators.
  • Experience applying AI to detection engineering or SOC operations such as alert summarization, triage enrichment, incident clustering, case routing, and knowledge retrieval.
  • Experience designing guardrails for AI usage: human-in-the-loop approvals, audit logging, data handling controls, and prompt or workflow governance.

Responsibilities

  • Own the design and the implementation of key IT projects and initiatives as they pertain to the organization's long-term security strategy.
  • Identify areas of improvement where processes do not currently exist and drive the development and delivery of new processes to address these gaps.
  • Ability to manage ambiguity and deliver quality results with minimal supervision in coordinating projects and other deliverables.
  • Willingness to escalate identified issues as necessary and the ability to identify when to partner with leadership to resolve issues, risks or obstacles.
  • Builds consensus for delivering results while finding common ground for collaboration and partnership.
  • Lead the creation of and the maintenance of relevant documentation including the ability to deliver run books, project updates, process documentation, architecture and technical requirements and presentations.
  • Develop and deliver Key Performance Indicators (KPIs) through the understanding of the tools and deliverables by helping to develop, maintain and mature the associated reporting structure.
  • Ability to produce meaningful and actionable metrics through data analysis.
  • Conduct data analysis exercises using Excel Pivot Tables, database queries, and other data driven analysis tools.
  • Produces presentations at various levels of abstraction dependent on intended audience using Microsoft PowerPoint, Microsoft Visio, or equivalent tools.
  • Ability to work in a team-fostered, fast-paced, multi-threaded environment.
  • Serve as the subject matter expert in various technical Information Security disciplines and mentor junior staff.
  • Demonstrate self-learning in gaining knowledge of new technical developments and ensure they are shared appropriately and applied within the department.
  • Comprehensive understanding of the InfoSec team’s strategy and vision and actively works as a change agent to support these initiatives both within the InfoSec team and the broader organization.
  • Identifies and understands drivers for change and will act as an individual champion or partner with leadership to deliver those changes.
  • Effectively partners with peers within the department to include them in key projects, risks or issues.
  • Intermediate to expert interpersonal, negotiation and oral communication skills expected.
  • Ability to maintain the highest level of confidentiality and professionalism.
  • Ability to proactively identify potential issues and deliver well-reasoned solutions.
  • Ability to defuse problematic situations and manage through conflict resolution.
  • Ability to decompose complex topics and break them down into layman's terms or analogies that help drive clarity and understanding.
  • Viewed as an enabling partner that provides alternative options or supporting information when saying no to business or IT requests.
  • Seen by leadership and peers as credible, trustworthy and respectful.
  • Design, develop, and continuously improve high-fidelity detections across enterprise telemetry.
  • Engineer automated response workflows that reduce response times and operational burden.
  • Champion modern CSOC practices including detection-as-code, threat-informed defense, and the integration of AI and agentic workflows.
  • Optimize alert triage, enrichment, and incident response.
  • Partner closely with cross-functional teams across infrastructure, cloud, identity, and application domains to ensure visibility, coverage, and coordinated response to evolving threats.
  • Drive innovation in CSOC operations.
  • Translate threat intelligence into actionable detections and hunts.
  • Continuously measure and improve detection effectiveness.
  • Serve as a mentor to junior engineers and analysts, fostering technical growth and promoting scalable, repeatable security operations processes.

Benefits

  • Medical
  • Prescription drug
  • Dental
  • Vision
  • Basic and optional life insurance
  • Supplemental medical plans
  • Short and long-term disability
  • Six weeks of 100% paid parental leave
  • 401(k) plan
  • 11 paid holidays
  • Flexible Time Off (FTO) program
  • 80 hours of Paid Sick and Safe Time (“PSST”)
  • 40 hours of Illinois PSST
  • 40 hours of Illinois Paid Leave
  • Company stock purchase
  • Annual incentive bonus