Senior Security Operations & Incident Response Engineer
Quick Overview
Job Description
Senior Security Operations & Incident Response Engineer
Salary: $112,500-$150,000
a { text-decoration: none; color: #464feb;
}
tr th, tr td { border: 1px solid #e6e6e6;
}
tr th { background-color: #f5f5f5;
}
The Engineer - Security Operations and Incident Response will be a critical function responsible for the transformation of the organization's Security Operations and Incident Response program. With a focus on maintaining resilience and protecting the global enterprise from cybersecurity threats, we operate an advanced Security Operations and Incident Response program focused on the identification, analysis, and eradication of cybersecurity threats and incidents across the organization. In support of the continued growth of this critical program, we are seeking an experienced, passionate, and highly organized engineer who will drive operational delivery excellence and continuous advancement across processes and technologies.
Primary Responsibilities
- Provide expert-level support for deep-dive investigations, including digital forensics (memory, network, and malware analysis).
- Author and refine incident response playbooks and operational guidelines to ensure the team remains agile in an evolving threat landscape.
- Develop and maintain threat models, incorporating findings from penetration tests into detection strategies.
- Design, implement, and refine complex detection rules and automated remediation workflows to identify adversarial behavior.
- Utilize threat intelligence and the MITRE ATT&CK framework to identify gaps in visibility and proactively mitigate emerging risks.
- Maintain comprehensive documentation of detection strategies, active investigations, and incident response timelines.
- Work with the SIEM team to continuously tune SIEM rules to maximize detection fidelity while minimizing alert fatigue.
- Review and tune threat intelligence systems, including brand protection and dark web monitoring capabilities.
- Demonstrate proficiency in scripting and query building using Python, XQL, PowerShell, or Bash, and experience with automation and/or orchestration (SOAR) tools.
- Support Incident Response leadership as a backup for incident response-related activities.
Qualifications
- Bachelor's degree and 5+ years of relevant experience in incident response and SOC tooling.
- In-depth knowledge of SIEM/SOAR platforms and incident response processes in hybrid cloud environments (Google Cloud Platform, Azure).
- Experience leading incident response efforts as an Incident Commander, performing root cause analysis, and driving continuous optimization of SOC tools and processes.
- Familiarity with scripting languages such as Python, PowerShell, Bash, and XQL is highly preferred.
- Understanding of regulatory compliance requirements and cybersecurity frameworks such as MITRE ATT&CK, NIST, and ISO.
- Ability to prioritize tasks effectively, manage multiple competing priorities, and work both independently and collaboratively within a team.
- Strong communication skills with the ability to translate complex technical issues and concepts into clear, concise language for non-technical audiences while emphasizing business value.
Skills
Similar jobs
Vendor Security Management Specialist
StratEdge It consulting INC · Austin, United States
34 minutes agoJourneyman Cyber Security Engineer (Splunk/TS) - USSOCOM EDAT Zero Trust
Kentro · Tampa, United States
1 hour agoJourneyman Cyber Security Engineer (Splunk/SIPR) - USSOCOM EDAT Zero Trust
Kentro · Tampa, United States
1 hour agoProduct Security Analyst (Mid-Senior) with Security Clearance
Boeing · Seattle, United States
2 hours ago$148.8k - $201.3k/yrSenior Splunk Cyber Security Engineer
MANTECH · Chantilly, United States
2 hours agoSAP Security Analyst
SAIC · Arlington, United States
3 hours ago$120.0k - $160k/yr