Senior Cybersecurity Operations Engineer - AI
$97.9k - $177.4k
Alliance Data Systems, Inc.
Every career journey is personal. That's why we empower you with the tools and support to create your own success story.

Be challenged. Be heard. Be valued. Be you ... be here.

Job Summary

The Senior Cybersecurity Operations Engineer - AI serves as a senior technical leader within the Cybersecurity Operations Center, focused on advancing detection engineering, automated response, and threat intelligence capabilities to defend critical information assets. This role is responsible for designing, developing, and continuously improving high-fidelity detections across enterprise telemetry, as well as engineering automated response workflows that reduce response times and operational burden.

Building on a strong foundation in security engineering, this individual will champion modern CSOC practices including detection-as-code, threat-informed defense, and the integration of AI and agentic workflows to optimize alert triage, enrichment, and incident response. The Sr. Engineer partners closely with cross-functional teams across infrastructure, cloud, identity, and application domains to ensure visibility, coverage, and coordinated response to evolving threats.

As a subject matter expert, this role drives innovation in CSOC operations, translates threat intelligence into actionable detections and hunts, and continuously measures and improves detection effectiveness. The position also serves as a mentor to junior engineers and analysts, fostering technical growth and promoting scalable, repeatable security operations processes.

Essential Job Functions

Process and Project Management: Own the design and the implementation of key IT projects and initiatives as they pertain to the organization's long-term security strategy. Identify areas of improvement where processes do not currently exist and drive the development and delivery of new processes to address these gaps. Ability to manage ambiguity and deliver quality results with minimal supervision in coordinating projects and other deliverables. Willingness to escalate identified issues as necessary and the ability to identify when to partner with leadership to resolve issues, risks or obstacles. Builds consensus for delivering results while finding common ground for collaboration and partnership.

Documentation, Metrics and Presentations: Understand the various tools and technologies commonly associated with Information Security. Lead the creation of and the maintenance of relevant documentation including the ability to deliver run books, project updates, process documentation, architecture and technical requirements and presentations. Develop and deliver Key Performance Indicators (KPIs) through the understanding of the tools and deliverables by helping to develop, maintain and mature the associated reporting structure. Ability to produce meaningful and actionable metrics through data analysis. Conduct data analysis exercises using Excel Pivot Tables, database queries, and other data driven analysis tools. Produces presentations at various levels of abstraction dependent on intended audience using Microsoft PowerPoint, Microsoft Visio, or equivalent tools.

Leadership and Development: Ability to work in a team-fostered, fast-paced, multi-threaded environment. Serve as the subject matter expert in various technical Information Security disciplines and mentoring junior staff. Demonstrate self-learning in gaining knowledge of new technical developments and ensure they are shared appropriately and applied within the department. Comprehensive understanding of the InfoSec team’s strategy and vision and actively works as a change agent to support these initiatives both within the InfoSec team and the broader organization. Identifies and understands drivers for change and will act as an individual champion or partner with leadership to deliver those changes.
Effectively partners with peers within the department to include them in key projects, risks or issues. Intermediate to expert interpersonal, negotiation and oral communication skills expected.

Human Relations: Ability to maintain the highest level of confidentiality and professionalism. Ability to proactively identify potential issues and deliver well-reasoned solutions. Ability to defuse problematic situations and manage through conflict resolution. Ability to decompose complex topics and break them down into layman’s terms or analogies that help drive clarity and understanding. Viewed as an enabling partner that provides alternative options or supporting information when saying no to business or IT requests. Seen by leadership and peers as creditable, trustworthy and respectful.

Reports to: Manager, Information Security

Working Conditions/Physical Requirements:
- Normal office environment. (Remote or Hybrid), 3 to 4 days per month are required in office if within 60 miles of a posted Bread Financial location.
- Some travel may be required.
- As the needs of the business continue to evolve, this role may be asked to work an on-call rotation to include evenings or weekends.

Direct Reports: None

Minimum Qualifications:
- Four or more years experience in Information Security or Infrastructure.
- Intermediate to expert level knowledge of IT tools and practices including, but not limited to: Networking, LDAP Directories, Vulnerability/Patch Management, Change Management, Incident Management, Server and Desktop Management, Mainframe Technologies, Encryption and Key Management, Cloud Architecture and Computing, Software Application General Computing Controls, Business Continuity/Disaster Recovery, Software Development Lifecycle, Access Management, and Cyber Security Tools (Security Incident Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), Data Loss Prevention (DLP), Intrusion Detection System (IDS), Intrusion Prevention System (IPS), End User Behavioral Analytics (EUBA), Web Application Firewall (WAF), Network Access Control (NAC), Privileged Access Management (PAM), Endpoint Detection Response (EDR)).
- Broad range of skills with different technical platforms (firewalls, servers, workstations, networks, storage, security, Internet and cloud (SaaS / IaaS / PaaS) technologies).
- Working understanding of NIST security standards, PCI-DSS and SOX controls.

Preferred Experience:
- Bachelor’s or equivalent experience in Computer Science, Networking or Information Technology
- Certification: Security+, Network+, CISSP, SSCP, CCSP
- Five or more years experience in Information Security or Infrastructure experience.
- 5+ years in SOC, detection engineering, threat detection, or security engineering roles
- Demonstrated ownership of detection lifecycle: ideation, development, tuning, deployment, validation, and continuous improvement.
- Hands-on experience building and maintaining detections in one or more SIEM platforms (Splunk, CrowdStrike Next-Gen SIEM, Palo Alto XSIAM).
- Proven experience onboarding and normalizing logs across endpoint, identity, cloud, network, and application sources.
- Experience managing detections using Git-based workflows, code review, branching strategies, and CI/CD principles.
- Familiarity with testing frameworks for detections (unit testing logic, regression testing, synthetic event generation, and controlled replay).
- 3+ years designing and implementing SOAR playbooks and response automations (Cortex XSOAR, Splunk SOAR).
- Demonstrated success reducing mean time to detect and respond through automation and orchestration.
- Experience translating intelligence into practical outcomes such as detections, hunts, enrichment, and response actions.
- Familiarity with TI platforms and standards (MISP, OpenCTI, STIX/TAXII) and integrating TI into SIEM and SOAR workflows.
- Strong experience mapping detections and response playbooks to MITRE ATT&CK.
- Experience building behavior-based detections that reduce reliance on static indicators.
- Experience applying AI to detection engineering or SOC operations such as alert summarization, triage enrichment, incident clustering, case routing, and knowledge retrieval.
- Experience designing guardrails for AI usage: human-in-the-loop approvals, audit logging, data handling controls, and prompt or workflow governance.

Skills:

Detection Engineering and Analytics
- Writing high-signal detections using SPL, KQL, EQL, Lucene, Sigma, or equivalent query languages
- Behavior-based detection design, including correlation, baselining, anomaly, and sequence detection
- Alert tuning, suppression, allowlisting, and noise reduction
- Data modeling, normalization, field extraction, parsing, and enrichment strategies
- Detection coverage mapping to MITRE ATT&CK and kill chain concepts

Automation, SOAR, and Response Engineering
- Building SOAR playbooks and automated response actions with approval gates and safe failure modes
- Integrations via REST APIs, webhooks, message queues, and event-driven designs
- Case management, ticketing integration, and automated evidence collection
- Automated containment actions: disable accounts, revoke sessions, isolate endpoints, block indicators, quarantine email, update firewall rules

Threat Intelligence and Hunting
- Converting TI into actionable detections, hunts, enrichment, and prioritized response steps
- IOC lifecycle management, confidence scoring, and expiration handling
- Familiarity with STIX/TAXII, MISP, OpenCTI, and TI feeds
- Threat hunting methodologies, hypothesis-driven hunting, and translating hunts into detections

AI and Agentic SOC Operations
- Designing AI-assisted workflows for triage, summarization, correlation, and recommendation
- Building agentic workflows with human approvals, audit trails, and policy guardrails
- Prompt engineering fundamentals for security workflows and retrieval-augmented approaches
- Evaluating AI outputs for accuracy, bias, and safety, including fallback procedures

Platforms and Telemetry
- SIEM administration fundamentals and search performance optimization
- Endpoint telemetry and EDR concepts: process trees, persistence, lateral movement, and malware tradecraft
- Identity telemetry: authentication events, conditional access, privilege changes, and OAuth abuse
- Cloud telemetry: audit logs, IAM events, workload signals, and network flow logs

Engineering Practices
- Scripting and automation using Python and PowerShell
- Infrastructure as code concepts and configuration management practices
- Git, version control, code review, and CI/CD for detection and automation content
- Documentation practices for runbooks, playbooks, and detection intent and testing

Communication and Operations
- Incident handling and escalation judgment
- Writing clear, analyst-friendly detection documentation and response instructions
- Operational maturity mindset: continuous improvement, post-incident reviews, and backlog prioritization
- Cross-functional collaboration and influencing without authority

Other Duties

This job description is illustrative of the types of duties typically performed by this job. It is not intended to be an exhaustive listing of each and every essential function of the job.
Because job content may change from time to time, the Company reserves the right to add and/or delete essential functions from this job at any time.

Salary Range (unless otherwise noted below): $97,900.00 - $177,400.00

Full Salary Range for position:
- California: $112,600.00 - $221,800.00
- Colorado: $97,900.00 - $186,300.00
- New York: $107,700.00 - $221,800.00
- Washington: $102,800.00 - $204,000.00
- Maryland: $102,800.00 - $195,200.00
- Washington DC: $112,600.00 - $204,000.00
- Illinois: $97,900.00 - $195,200.00
- New Jersey: $112,600.00 - $204,000.00
- Vermont: $97,900.00 - $177,400.00
- Ohio: $97,900.00 - $177,400.00
- Maine: $97,900.00 - $177,400.00

The actual base pay within this range may be dependent upon many factors, which may include, but are not limited to, work location, education, experience, and skills.

Bread Financial offers medical, prescription drug, dental, vision, and other voluntary benefits (including basic and optional life insurance, supplemental medical plans, and short and long-term disability) to eligible associates (regular full-time associates scheduled to work 30 hours per week or more) and their spouses/domestic partners, and child(ren) under the age of 26. New associate elected coverage begins on date of hire (with the exception of disability coverage which has a 6-month waiting period). Six weeks of 100% paid parental leave for eligible parents is available after a 180-day waiting period. Hired associates can immediately enroll in Bread Financial’s 401(k) plan.

All associates receive 11 paid holidays. Associates have discretion in managing their time away from work through the Flexible Time Off (FTO) program and may need to notify and receive approval from their manager prior to taking the time off. Associates (except those located in Illinois) receive 80 hours of Paid Sick and Safe Time (“PSST”) upon hire and at the beginning of each subsequent calendar year. Illinois associates receive 40 hours of Illinois PSST upon hire and at the beginning of each subsequent calendar year and 40 hours of Illinois Paid Leave upon hire and at the beginning of each subsequent calendar year. Illinois Paid Leave must be used before associates in Illinois will be approved to take FTO.

Hired associates will be able to elect to purchase company stock during offering periods in June and December. You will be eligible for an annual incentive bonus based on individual and company performance.

About Bread Financial

At Bread Financial, you’ll have the opportunity to grow your career, give back to your community, and be part of our award-winning culture. We’ve been consistently recognized as a best place to work nationally and in many markets and we’re proud to promote an environment where you feel appreciated, accepted, valued, and fulfilled—both personally and professionally. Bread Financial supports the overall wellness of our associates with a diverse suite of benefits and offers boundless opportunities for career development and non-traditional career progression.

Bread Financial (NYSE: BFH) is a tech-forward financial services company that provides simple, personalized payment, lending and saving solutions to millions of U.S. consumers. Our payment solutions deliver growth for some of the most recognized brands in travel & entertainment, health & beauty, technology, electronics, jewelry, home and specialty apparel through our co-brand and private label credit cards and pay-over-time products providing choice and value to our shared customers. Additionally, we offer Bread Financial general purpose credit cards and saving products that empower our customers and their passions for a better life.

Bread Financial proudly marks 30 years of success in 2026. To learn more about our global associates, our performance and our sustainability progress, visit breadfinancial.com or follow us on Instagram and LinkedIn.

Bread Financial offers competitive pay, a comprehensive selection of benefit options including 401(k).

The Company is an Equal Opportunity Employer.

Any applicant offered employment will be required to establish that they are legally authorized to work in the United States for the Company.

The Company participates in E-Verify.

The Company will consider for employment all qualified applicants, including those with a criminal history, in a manner consistent with the requirements of all applicable federal, state, and local laws, including the Los Angeles Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, and the New York City Fair Chance Act. Applicants with criminal histories are encouraged to apply.

The Company complies with the Americans with Disabilities Act (ADA), as amended, and all applicable state/local laws. The Company will provide accommodations to applicants needing accommodations to complete the application process. Applicants with disabilities may contact the Company to request and arrange for accommodations. If you need assistance to accommodate a disability, you may request an accommodation at any time. Please contact the Recruiting Team.

Family: Information Technology
Job Type: Regular

