Security Operations Engineer

About the Role

The Security Operations Engineer supports the day-to-day operation of security technologies that safeguard corporate systems, cloud platforms, and production environments. This individual plays a key role in identifying, investigating, and responding to security events while helping maintain the overall health of security controls.

This position focuses on detection, investigation, vulnerability remediation, and maintaining secure cloud environments. The engineer will collaborate closely with teams across infrastructure, engineering, and IT to reduce risk, improve response times, and ensure security tools operate effectively across both regulated and standard environments.

This is a hands-on technical role that requires strong analytical skills, practical incident response experience, and the ability to make sound technical decisions in time-sensitive situations.

Core Responsibilities Monitoring, Detection, and Incident Response

• Maintain and improve centralized logging and monitoring platforms, including onboarding new data sources and refining alerting logic to improve signal quality.
• Develop and maintain detection logic aligned to known threat behaviors and create response procedures to address potential incidents.
• Participate in the response to security events, including investigation, containment, evidence collection, root cause identification, and follow-up reporting.
• Coordinate incident response efforts with internal stakeholders and maintain clear documentation supporting investigative workflows and reporting needs.
• Keep incident response guides, documentation, and procedures up to date to support operational readiness and compliance expectations.

Vulnerability Management

• Support vulnerability management processes across endpoints, servers, containerized workloads, and cloud-based systems.
• Validate findings, help prioritize remediation efforts, and track resolution timelines.
• Work with system owners to ensure remediation efforts progress appropriately and escalate risks when necessary.
• Generate reports and metrics that highlight overall risk posture and trends over time.

Cloud Security Operations

• Support security configuration and monitoring practices across cloud environments.
• Identify configuration risks and collaborate with platform teams to correct issues and strengthen baseline security controls.
• Assist with maintaining guardrails that reduce the likelihood of misconfigurations and security gaps.

Endpoint Protection

• Manage endpoint security tools across enterprise systems, including maintaining policies, reviewing alerts, and ensuring telemetry visibility.
• Investigate suspicious endpoint behavior and coordinate response actions with IT teams when required.

Identity and Access Oversight

• Assist with monitoring privileged account usage and supporting periodic access reviews.
• Investigate authentication anomalies and contribute identity-related telemetry to monitoring workflows.
• Support secure credential handling practices, including identifying and addressing exposed credentials or improper usage.

Threat Intelligence and Proactive Defense

• Review threat intelligence from a variety of sources and translate relevant insights into actionable detections or monitoring improvements.
• Conduct proactive threat hunting activities based on emerging risks and environmental trends.

Data Protection Support

• When applicable, assist with tools that help monitor and protect sensitive data by reviewing alerts and supporting policy refinement.

Security Platform Support

• Assist with deploying, maintaining, and integrating security technologies into broader enterprise systems.
• Develop scripts and automation to streamline repetitive tasks and improve operational efficiency.
• Participate in evaluating new tools through testing and proof-of-concept work to support long-term platform strategy decisions.

Required Qualifications

• Approximately five or more years of hands-on experience in security operations, incident response, or a closely related technical discipline.
• Demonstrated experience working with centralized logging or monitoring platforms in a production environment.
• Experience participating in real-world security incident response efforts from detection through post-event analysis.
• Working knowledge of cloud security principles within at least one major cloud platform.
• Familiarity with vulnerability management processes and remediation coordination.
• Scripting or automation experience using languages such as Python, PowerShell, or similar tools.
• Understanding of modern detection practices and incident response workflows.
• Strong written and verbal communication skills, with the ability to explain technical risk to varied audiences.
• Bachelor's degree in a technical discipline or equivalent practical experience.

Preferred Qualifications

• Experience working in environments subject to recognized security or compliance frameworks.
• Familiarity with specialized or restricted cloud environments.
• Experience administering enterprise-scale endpoint security tools.
• Exposure to cloud configuration and risk management platforms.
• Experience writing or maintaining detection rules using common query languages.
• Familiarity with enterprise identity platforms and authentication monitoring.
• Relevant technical certifications in incident response, forensics, or offensive security disciplines.
• Ability to obtain government or regulated-environment security authorization if required.