Senior SecOps Engineer

About The Position

Requirements

• 8+ years of experience in SecOps, DevOps, security engineering, or software development with an automation focus in SaaS environments.
• Proficient in scripting and automation (Python, PowerShell, etc) and integrating with APIs.
• Experience managing or collaborating with a managed security provider (MSSP/MDR/SOC).
• Strong grasp of SIEM and EDR ecosystems, including alert tuning and log analysis.
• Familiarity with cloud security (AWS, Azure) and infrastructure-as-code concepts.
• Excellent analytical, communication, and documentation skills.

Nice To Haves

• Background in software or application development before transitioning into security.
• Experience building integrations between security tools and Jira, Teams, ticketing systems and with CAASM tools that automate inventory, gap-detection, and enforcement (Axonius, JupiterOne)
• Knowledge of ERD/vulnerability management tools (Tenable, Defender, Crowdstrike Falcon).
• Experience in regulated environments (HIPAA, SOC 2, HITRUST).
• Certifications such as CISSP, GCIH, GCIA, or AWS, Azure security specialty are a plus.

Responsibilities

• Design, build, and maintain automation workflows to eliminate manual SecOps tasks (Python, PowerShell, APIs, orchestration tools).
• Integrate data and events from multiple sources (EDR, SIEM, cloud logs, vulnerability scanners, identity systems) to enhance visibility and context.
• Develop reusable scripts, playbooks, and evidence collection automations to support compliance and incident response via aggregation tools and dashboarding.
• Serve as the primary technical interface between our internal team and the managed SOC provider.
• Continuously refine alert logic, escalation paths, and severity classifications to reduce false positives.
• Review and validate detections, ensuring coverage aligns with the company’s threat model and risk priorities.
• Provide feedback and data to the SOC to tune detections and automate enrichment processes.
• Conduct after-action reviews with the SOC to improve handoffs and documentation quality.
• Lead internal investigation and response when incidents are escalated from the SOC.
• Build and maintain playbooks and runbooks for repeatable, automated responses.
• Coordinate containment, root cause analysis, and lessons learned with cross-functional teams.
• Perform post-incident analysis to improve detection rules and reduce future alert fatigue.
• Manage the vulnerability lifecycle — scanning, prioritization, and coordination of remediation across IT and Engineering.
• Correlate vulnerabilities with asset ownership and exposure context using automation.
• Track and report remediation SLAs and provide risk-based metrics to leadership.
• Partner with DevOps and engineering to implement automated guardrails and least-privilege IAM policies.
• Conduct reviews of cloud configurations (AWS, Azure, GCP) and recommend automated controls.
• Build event-driven detection and response functions using cloud-native tools.
• Work closely with Compliance to provide evidence for audits (SOC 2, HITRUST).
• Mentor junior security team members and offshore resources in automation, scripting, and incident response.
• Advocate for “build once, automate forever” within security operations.

Benefits

• Generous health, dental, & vision benefits package
• Flexible paid time off
• 11 paid company holidays
• 401k + matching
• Parental leave
• Access to our award-winning RethinkCare platform supporting neurodiversity in the workplace through parental success, professional resilience, and personal wellbeing.