Senior IT Cyber Security Engineer

Ashley Furniture Industries, Tampa, FL

About The Position

The Senior IT Cyber Security Engineer is a technical, hands-on role spanning Security Operations, cloud and on-premises security engineering, detection and response, and security program support. Operating within a maturing environment, this individual will own the engineering and operations of SIEM/SOAR platforms while also contributing to the design and implementation of security controls across the enterprise, supporting incident response investigations, and ensuring security best practices are embedded across engineering and infrastructure teams. The ideal candidate is as comfortable tuning detection rules and writing automation playbooks as they are reviewing architecture decisions and contributing to policy and compliance frameworks.

Requirements

  • Strong hands-on experience with cloud-native SIEM and SOAR platforms (e.g., Google SecOps / Chronicle, Splunk, Microsoft Sentinel, or equivalent)
  • Experience with SentinelOne EDR/XDR for endpoint threat triage, malware validation, alert investigation, and response actions
  • Hands-on experience with Abnormal Security or equivalent AI-driven email security platforms for phishing triage, policy management, and threat remediation
  • Proficiency writing and optimizing regular expressions for alert tuning, exception logic, and parser development
  • Demonstrated experience with detection engineering and rule tuning methodologies in an enterprise SOC environment
  • Practical experience designing or implementing security controls across hybrid cloud and on-premises environments
  • Ability to collaborate effectively with engineering and infrastructure teams to integrate security requirements into technical projects
  • Familiarity with incident response processes and experience supporting investigations through the full response lifecycle
  • Familiarity with threat intelligence platforms (e.g., Recorded Future, ThreatConnect, or equivalent) and dark web monitoring practices
  • Working knowledge of Linux systems administration, including scripting (Bash, Python) and scheduled task management
  • Ability to write and maintain custom queries and dashboard logic within a SIEM environment
  • Working knowledge of security frameworks such as NIST CSF and PCI-DSS and their application to enterprise security programs
  • Strong documentation habits and ability to develop and standardize repeatable operational processes

Responsibilities

  • Perform daily security case triage and queue management within a cloud-native SIEM platform, including noise reduction, false positive identification, and exception creation
  • Develop and maintain SOAR automation playbooks, including ongoing tuning and deduplication logic
  • Monitor and apply SIEM parser updates; review change logs and validate newly introduced data tags to ensure detection integrity
  • Standardize and maintain detection rule naming conventions and labeling across the SOC environment
  • Review, customize, and manage security playbooks pulled from integrated code repositories; validate code for security concerns prior to deployment
  • Perform code scanning and vulnerability validation on playbook and automation code prior to production deployment
  • Track and report on playbook usage metrics, log ingestion volumes, and establish consumption baselines to support capacity planning
  • Build, maintain, and troubleshoot SOC dashboards and underlying queries; produce recurring operational reports for leadership
  • Perform ongoing exception tuning as the environment evolves, including malware, PUP, and endpoint alert validation using SentinelOne EDR/XDR platform data
  • Monitor and triage email-based threats using Abnormal Security; manage detection policies, investigate reported messages, and validate remediation actions
  • Monitor threat intelligence platforms and dark web monitoring tooling; maintain and update monitoring coverage to address emerging indicators
  • Investigate and respond to account compromise indicators, including anonymous sign-in attempts and credential-based threats; execute account remediation actions via enterprise identity management platforms
  • Maintain a detection rule tuning feedback loop between SIEM case findings and the broader MSSP detection ruleset
  • Manage log forwarder infrastructure, including replacement or migration projects in coordination with IT and vendor support teams
  • Coordinate with vendor professional services teams as needed to validate and advance SOC tooling initiatives
  • Design, implement, and continuously improve security controls across cloud and on-premises environments to reduce risk and strengthen the overall security posture
  • Work closely with engineering and infrastructure teams to embed security best practices into system design, platform deployments, and operational workflows
  • Evaluate and recommend security tooling, configurations, and architectural patterns in alignment with enterprise standards and risk tolerance
  • Support incident response investigations from initial triage through containment, eradication, and post-incident review
  • Help identify gaps in detection coverage and contribute to strengthening detection capabilities based on incident findings and emerging threat intelligence
  • Contribute to the development, review, and maintenance of security policies, standards, and procedures
  • Support compliance efforts aligned to established frameworks including NIST CSF and PCI-DSS, including evidence collection, gap assessment, and control documentation
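
The triage, exception-tuning and playbook bullets above name the techniques without showing them. What follows is an added example, not code from Ashley Furniture or from any SIEM, SOAR or EDR vendor named on this page: a minimal triage pass in the style of a SOAR playbook over a constructed sign-in log. It shows a regex parser with named groups, exception logic scoped to account and source so it does not silently hide abuse, case deduplication so repeated hits collapse into one case with a count, and two simple detections (sign-in from an anonymizing proxy, password spraying). The log format, every hostname, account, IP address, the trusted scanner subnet, the anonymizer indicator set and the spray threshold are all assumptions made up for the example.

```python
from __future__ import annotations

import ipaddress
import re
from collections import defaultdict

# Constructed sample log lines; hosts, users and addresses are fictitious.
SAMPLE_LOGS = [
    "2024-05-01T08:00:01Z auth-gw user=alice src=203.0.113.10 result=SUCCESS",
    "2024-05-01T08:00:05Z auth-gw user=bob src=198.51.100.7 result=FAILURE",
    "2024-05-01T08:00:06Z auth-gw user=carol src=198.51.100.7 result=FAILURE",
    "2024-05-01T08:00:07Z auth-gw user=dave src=198.51.100.7 result=FAILURE",
    "2024-05-01T08:00:08Z auth-gw user=erin src=198.51.100.7 result=FAILURE",
    "2024-05-01T08:01:00Z auth-gw user=svc-scanner src=10.0.5.5 result=FAILURE",
    "2024-05-01T08:01:01Z auth-gw user=svc-scanner src=10.0.5.5 result=FAILURE",
    "2024-05-01T08:02:00Z auth-gw user=alice src=192.0.2.44 result=SUCCESS",
    "2024-05-01T08:02:30Z auth-gw user=alice src=192.0.2.44 result=SUCCESS",
    "this line is malformed and must be counted, not crash the parser",
]

# Parser: anchored at both ends with named groups, so downstream logic never
# depends on field position and trailing garbage is rejected, not ignored.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)\s+(?P<host>\S+)\s+"
    r"user=(?P<user>[\w.-]+)\s+src=(?P<src>(?:\d{1,3}\.){3}\d{1,3})\s+"
    r"result=(?P<result>SUCCESS|FAILURE)$"
)

# Exception logic (assumed values): the scanner account is noisy by design,
# but only from its own subnet. Tying the exception to account AND source
# keeps detection alive if that account is ever used from anywhere else.
EXCEPTED_USERS = {"svc-scanner"}
TRUSTED_SCANNER_NET = ipaddress.ip_network("10.0.0.0/8")

# Assumed anonymizer indicator set; a real playbook would pull this from the
# threat-intel platform rather than hard-code it.
ANON_PROXY_IPS = {"192.0.2.44"}
SPRAY_MIN_USERS = 3  # distinct accounts failed from one source (assumed)
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}


def parse_line(line: str) -> dict | None:
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_excepted(ev: dict) -> bool:
    """True only for an excepted account seen from the trusted subnet."""
    return (ev["user"] in EXCEPTED_USERS
            and ipaddress.ip_address(ev["src"]) in TRUSTED_SCANNER_NET)


def run_triage(lines: list[str]) -> tuple[dict[str, dict], dict[str, int]]:
    """Parse, filter and detect; return (cases keyed by rule|entity, drop counts).

    Deduplication: every hit on the same rule/entity pair lands in one case,
    bumping its count and last_seen instead of opening a new case per event.
    """
    dropped = {"unparsed": 0, "excepted": 0}
    events: list[dict] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            dropped["unparsed"] += 1
        elif is_excepted(ev):
            dropped["excepted"] += 1
        else:
            events.append(ev)

    cases: dict[str, dict] = {}

    def record(rule: str, entity: str, severity: str, ev: dict) -> None:
        case = cases.setdefault(f"{rule}|{entity}", {
            "rule": rule, "entity": entity, "severity": severity,
            "count": 0, "first_seen": ev["ts"], "last_seen": ev["ts"]})
        case["count"] += 1
        case["last_seen"] = ev["ts"]
        if SEVERITY_RANK[severity] > SEVERITY_RANK[case["severity"]]:
            case["severity"] = severity  # merging never downgrades a case

    # Detection 1: any sign-in from an anonymizing proxy; a success is worse.
    for ev in events:
        if ev["src"] in ANON_PROXY_IPS:
            record("anon_signin", f"{ev['user']}@{ev['src']}",
                   "high" if ev["result"] == "SUCCESS" else "medium", ev)

    # Detection 2: password spray, one source failing against many accounts.
    failures_by_src: dict[str, list[dict]] = defaultdict(list)
    for ev in events:
        if ev["result"] == "FAILURE":
            failures_by_src[ev["src"]].append(ev)
    for src, evs in failures_by_src.items():
        if len({e["user"] for e in evs}) >= SPRAY_MIN_USERS:
            for e in evs:
                record("password_spray", src, "high", e)

    return cases, dropped


if __name__ == "__main__":
    found, drops = run_triage(SAMPLE_LOGS)
    print("dropped:", drops)
    for key, case in found.items():
        print(f"{key}: severity={case['severity']} count={case['count']} "
              f"{case['first_seen']}..{case['last_seen']}")
```

Run as-is it reports one unparsed line, two excepted scanner events, and two cases: the repeated proxy sign-ins by alice merged into one high-severity case with a count of 2, and one spray case for 198.51.100.7 covering four accounts. The points worth carrying into a real playbook are the narrow exception (account plus source, not account alone), the malformed-line counter (a parser that drops lines silently is a detection gap you will never see), and dedup keyed on rule and entity rather than on the raw event.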

Benefits

  • Health, Dental, Vision, Employee Assistance Program
  • Paid Vacation, Holidays, and Your Birthday off
  • Generous Employee Discount on home furnishings
  • Professional Development Opportunities
  • Ashley Wellness Centers (location specific) and Medical Tourism
  • Telehealth
  • 401(k) and Profit Sharing
  • Life Insurance

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Education Level: No Education Listed
  • Number of Employees: 5,001-10,000

© 2024 Teal Labs, Inc