Senior Security Operations Engineer

About The Position

Requirements

• 5+ years of progressive experience in security operations, incident response, SOC, or related cybersecurity roles
• Demonstrated experience leading investigations of real-world security incidents in enterprise environments
• Advanced understanding of security monitoring, detection engineering, and incident response frameworks
• 4+ years of strong hands-on experience with SIEM platforms, with Splunk Enterprise Security preferred
• Experience developing and tuning detections using SPL, KQL, or similar query languages
• Deep experience with endpoint security and XDR platforms
• Proven experience with vulnerability management programs and remediation workflows
• Strong knowledge of network security concepts including firewalls, WAFs, IDS/IPS, and defense-in-depth strategies
• Working knowledge of cloud security principles across AWS, Azure, and hybrid environments
• Ability to clearly document events, incidents, findings, and remediation actions
• Excellent communication skills with the ability to collaborate across technical and business teams

Nice To Haves

• Bachelor's degree in computer science, Information Systems, Engineering, or equivalent practical experience
• 4+ years of strong hands-on experience with Splunk administration, Microsoft Sentinel, or other enterprise SIEM platforms
• Familiarity with SOAR platforms and security automation technologies
• Experience supporting audits, penetration testing remediation, or regulatory assessments
• Professional certifications such as CISSP, GCIH, GCIA, SC-200, Security+, or equivalent certifications from GIAC, (ISC)², or Microsoft

Responsibilities

• Support investigation and response activities for security incidents by collaborating closely with Information Security, responding to alerts generated by SIEM, EDR, cloud security, and other security platforms.
• Investigate high‑severity and complex incidents coordinating escalation as needed with Information Security and IT teams.
• Support incident response activities during major security events with Information Security, IT and Cloud teams under the direction of designated incident response leadership.
• Partner with response teams to develop and communicate risk‑based response decisions, including containment actions, during active incidents.
• Perform deep-dive forensic analysis and root-cause investigations following security events and recommend control improvements to prevent recurrence.
• Participate in and help coordinate a 24/7 on-call rotation, responding to after-hours incidents as required.
• Design end‑to‑end detection lifecycle in Splunk Enterprise Security, from hypothesis and development through production deployment, tuning, and retirement.
• Design, build, and tune high quality signal detections that reduce false positives and improve mean time to detect and respond.
• Conduct proactive threat hunting using SIEM, endpoint, identity and cloud telemetry to identify hidden or emerging threats.
• Analyze logs and telemetry to identify trends, anomalous behavior, and indicators of compromise.
• Leverage query languages such as SPL and KQL to build effective detection and investigative workflows.
• Build, operate, and optimize Endpoint Detection and Response (EDR) solutions with a focus on scalability and automation.
• Provide subject matter expertise on detection engineering and SIEM architecture to security and IT partners.
• Support SIEM operations through use case placement, data routing decisions, and ongoing platform enhancements.
• Serve as a subject matter expert for SIEM and detection engineering, providing guidance on logging, telemetry, and monitoring design.
• Collaborate on SOAR and security automation initiatives to streamline response and remediation workflows.
• Continuously evaluate tooling capabilities and recommend pragmatic improvements aligned to operational needs.
• Act as the lead IT representative in vulnerability management processes, partnering with Information Security on risk prioritization, remediation coordination, validation, and reporting.
• Apply or coordinate approved security patches and upgrades for vulnerable systems and platforms.
• Partner with system owners to ensure timely remediation of critical vulnerabilities.
• Utilize vulnerability management platforms (e.g., Rapid7 InsightVM) to identify, prioritize, and track remediation of security risks.
• Operate and optimize Microsoft security technologies including Microsoft Sentinel, Defender, Entra ID, Intune, and Purview.
• Ensure relevant Microsoft and cloud telemetry is effectively ingested into Splunk for centralized detection and response.
• Collaborate with identity, endpoint, and core IT service teams to enhance protections across Microsoft ecosystems.
• Support logging and monitoring strategy across cloud and on-premise environments.
• Partner with Security Architecture, Cloud, Application, and Infrastructure teams on secure design and implementation efforts.
• Review third-party and vendor security assessments, identifying risks and tracking remediation activities.
• Provide expert security guidance and recommendations to project teams and business stakeholders.
• Mentor junior SecOps members and contribute to a culture of security awareness and operational excellence.
• Communicate emerging threats, risks, and mitigation strategies to technical and non-technical stakeholders.

Benefits

• low-cost medical, dental and vision insurance coverage options
• frontloads all sick time hours and a portion of vacation hours for all new employees
• variety of paid leave options
• monthly wellness benefit
• immediate 401K matching up to 5%