Senior Cybersecurity Operations Engineer - AI

Job Summary The Senior Cybersecurity Operations Engineer – AI is a senior technical leader within the Cybersecurity Operations Center. The role focuses on advancing detection engineering, automated response, and threat intelligence. Responsibilities include designing, developing, and continuously improving high‑fidelity detections across enterprise telemetry, engineering automated response workflows that reduce response times, and driving innovation in CSOC operations. The position also mentors junior engineers and analysts. Essential Job Functions Own the design and implementation of key IT projects and initiatives that support the organization’s long‑term security strategy. Identify improvement areas, develop and deliver new processes, and manage ambiguity with minimal supervision. Create and maintain documentation, runbooks, project updates, architecture, and technical requirements. Develop and deliver KPIs, perform data analysis using Excel PivotTables, database queries, and other tools, and produce presentations for various audiences. Serve as a subject‑matter expert in multiple information security disciplines and mentor junior staff. Maintain confidentiality, professional conduct, and resolve conflicts with clear communication. Minimum Qualifications Four or more years of experience in Information Security or Infrastructure. Intermediate to expert knowledge of network security, LDAP directories, vulnerability management, incident management, server/Desktop management, cloud architecture, SIEM, SOAR, DLP, IDS/IPS, EDR, WAF, NAC, PAM, and related cyber‑security tools. Working understanding of NIST, PCI‑DSS, and SOX controls. Preferred Experience Bachelor’s degree or equivalent in Computer Science, Networking, or Information Technology. Security certifications such as Security+, Network+, CISSP, SSCP, CCSP. Five or more years in Information Security or Infrastructure, and 5+ years in SOC, detection engineering, threat detection, or security engineering roles. Experience with detection lifecycle management, SIEM platforms (e.g., Splunk, CrowdStrike Next‑Gen SIEM, Palo Alto XSIAM), and Git‑based workflow for detections. Knowledge of testing frameworks (unit testing, regression testing, synthetic event generation) and SOAR playbooks (Cortex XSOAR, Splunk SOAR). Experience integrating threat intelligence (MISP, OpenCTI, STIX/TAXII) into SIEM and SOAR workflows. Strong alignment of detections and playbooks to MITRE ATT&CK and experience with behavior‑based detections. Experience applying AI to SOC operations such as alert summarization, triage enrichment, incident clustering, case routing, and governance of AI usage. Detection Engineering & Analytics Write high‑signal detections using SPL, KQL, EQL, Lucene, Sigma, or equivalent query languages. Design behavior‑based detections, including correlation, baselining, anomaly, and sequence detection. Tune alerts, suppress noise, and apply allowlisting. Model data, normalize logs, extract fields, parse, and enrich telemetry. Map detection coverage to MITRE ATT&CK and kill‑chain concepts. Automation, SOAR, & Response Engineering Build SOAR playbooks and automated response actions with approval gates and safe failure modes. Integrate via REST APIs, webhooks, message queues, and event‑driven designs. Manage case handling, ticketing integration, and automated evidence collection. Automate containment actions such as disabling accounts, revoking sessions, isolating endpoints, blocking indicators, and quarantining email. Threat Intelligence & Hunting Translate threat intelligence into actionable detections, hunts, enrichment, and response steps. Manage the lifecycle of IoCs, including confidence scoring and expiration handling. Apply STIX/TAXII, MISP, and OpenCTI feeds and conduct threat hunting with hypothesis‑driven techniques. AI & Agentic SOC Operations Design AI‑assisted workflows for triage, summarization, correlation, and recommendation. Build agentic workflows with human approvals, audit trails, and policy guardrails. Operate prompt engineering fundamentals for security workflows and retrieval‑augmented approaches. Evaluate AI outputs for accuracy, bias, and safety, and implement fallback procedures. Platforms & Telemetry Fundamentals of SIEM administration and search performance optimization. Endpoint telemetry and EDR concepts: process trees, persistence, lateral movement, and malware trade‑craft. Identity telemetry: authentication events, conditional access, privilege changes, and OAuth abuse. Cloud telemetry: audit logs, IAM events, workload signals, and network flow logs. Engineering Practices Scripting and automation using Python and PowerShell. Infrastructure‑as‑code concepts and configuration management practices. Git, version control, code review, and CI/CD for detection and automation content. Documentation practices for runbooks, playbooks, and detection intent and testing. Communication & Operations Incident handling and escalation judgment. Write clear, analyst‑friendly detection documentation and response instructions. Continuous improvement, post‑incident reviews, and backlog prioritization. Cross‑functional collaboration and influencing without authority. Equal Employment Opportunity The Company is an Equal Opportunity Employer. Any applicant offered employment will be required to establish that they are legally authorized to work in the United States for the Company. The Company participates in E‑Verify. The Company will consider for employment all qualified applicants, including those with a criminal history, in a manner consistent with the requirements of all applicable federal, state, and local laws. The Company complies with the Americans with Disabilities Act (ADA) and all applicable state/local laws and will provide accommodations to applicants who need them to complete the application process. #J-18808-Ljbffr