Sr. Security Operations Engineer

OpenGov, Boston, MA
Posted 32 days ago
Salary: $130,000 - $150,000

About The Position

The Senior Security Operations Engineer is a hands-on technical expert who strengthens, maintains, and evolves the company's security monitoring, detection, response, and operational resilience. This role works across Security, Infrastructure, DevOps, and Product Engineering to enhance visibility, reduce risk, and operationalize defenses at scale. The ideal candidate has deep experience in cloud-native detection engineering, modern security tooling, incident response, and building automation that reduces manual workload while improving precision and speed.

Requirements

  • 6+ years in Security Operations, Incident Response, or Threat Detection roles.
  • Strong hands-on experience with SIEM platforms, EDR tools, SOAR pipelines, WAF, and cloud logging/monitoring (AWS preferred).
  • Expertise in network security, Linux/Windows internals, containerized workloads, and cloud-native architectures.
  • Ability to lead incidents end-to-end, including analysis, forensics, containment, and long-term fixes.
  • Proficiency with scripting/automation (Python, Bash, PowerShell, etc.).
  • Familiarity with MITRE ATT&CK, threat hunting methodologies, and modern adversary techniques.

Nice To Haves

  • Experience in high-growth SaaS, multi-cloud, or distributed environments.
  • Knowledge of SOC 2, GovRAMP Moderate, TX-RAMP, NIST 800-53, and log/audit requirements.
  • Experience with purple teaming, attack simulation tools, and detection gap assessments.
  • Background in DevOps, cloud engineering, or IT systems administration.

Responsibilities

  • Develop, tune, and maintain detections across SIEM, EDR, cloud-native logs, WAF, and SaaS platforms to reduce noise and improve true positive rates.
  • Partner with cloud/infrastructure teams to ensure comprehensive log coverage across AWS, Kubernetes, CI/CD pipelines, and core services.
  • Build detection-as-code and automated response playbooks to improve scalability and consistency.
  • Conduct proactive threat hunts based on threat intel, anomalous behavior, and TTPs used by modern threat actors.
  • Analyze incidents, suspicious activity, malware, and exploits to determine impact and prevent recurrence.
  • Lead deep dives into emerging threats, supply-chain risks, and vulnerabilities affecting the environment.
  • Serve as a senior escalation point during real-time incidents, leading technical triage, containment, and forensic analysis.
  • Develop and maintain incident response runbooks, tabletop exercises, and after-action reviews.
  • Partner with AppSec, IT, and Engineering to drive durable remediation and process improvements.
  • Administer and optimize security platforms including SIEM, EDR, SOAR, WAF, cloud security tooling (GuardDuty, CloudTrail, Config), vulnerability management, and identity security.
  • Build scripts, workflows, and integrations that automate repetitive tasks and strengthen OpsGenie/PagerDuty-driven response processes.
  • Evaluate new technologies to enhance the security operations stack and reduce time-to-detect/time-to-respond.
  • Support the scanning, triage, and remediation of vulnerabilities across cloud, endpoints, containers, and third-party SaaS tools.
  • Develop dashboards and metrics (MTTD/MTTR, coverage, SLA adherence, threat trends) for leadership reporting.
  • Ensure configuration baselines are enforced and monitored across the environment.
  • Collaborate with Engineering and IT to enable secure cloud, IAM, and network designs.
  • Provide Tier 3 support during escalations from the SOC analysts and ensure clarity in ownership and response actions.
  • Contribute to policy, standard, and procedure development to align with SOC 2, GovRAMP, and NIST requirements.

Benefits

  • A Mission That Matters
  • Opportunity to Innovate
  • A Team of Passionate, Driven People
  • A Place to Make Your Mark

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Industry

Publishing Industries

Education Level

No Education Listed

Number of Employees

501-1,000 employees

© 2024 Teal Labs, Inc