Design and continuously improve detection and alerting controls, ensuring high fidelity and contextual relevance to reduce noise and enable rapid response.
Build, test, and automate incident response playbooks and runbooks, increasing efficiency and consistency across the incident lifecycle.
Drive prioritization of alerts using a data-driven, scalable triage framework, aligned with business impact and threat context.
Lead in-depth investigations, including root cause analysis and digital forensics, and convert findings into actionable insights to strengthen detection and resilience.
Proactively engage in threat intelligence and threat hunting, identifying new tactics, techniques, and procedures (TTPs), enriching existing controls, and feeding insights into the detection pipeline.
Own incident handling from detection to resolution, collaborating with engineering, IT, and business teams to contain, eradicate, and recover from threats.
Define and maintain operational metrics for incident response, using them to drive continuous improvement in speed, accuracy, and organizational readiness.

Required: Public Trust Clearance
Bachelor’s degree in Computer Science, Cybersecurity, or equivalent professional experience.
Solid experience in cloud environments (AWS, GCP, or Azure), with strong understanding of cloud-native threats.
Proficiency in scripting languages (e.g., Python, Bash) for automation and tooling development.
Hands-on experience with SOC tools and platforms, such as SIEM (Splunk, Sentinel, etc.), SOAR, EDR/XDR, and log management.
Strong understanding of incident containment and eradication strategies, with proven ability to coordinate response with technical teams.
Familiarity with security frameworks and standards (NIST 800-61, CIS Controls, MITRE ATT&CK, ISO 27001).
Excellent analytical, critical thinking, and problem-solving skills.
Ability to consume and synthesize intelligence about actors, techniques or situations to identify emerging risk scenarios.
Proficiency in process formulation and improvement.
Background in threat modeling, adversary emulation, and risk-based alert tuning.
Strong communicator with the ability to explain security risks and actions to both technical and non-technical audiences.
Proven track record of leading cross-functional efforts in high-pressure situations.
Ability to foster collaboration across InfoSec, IT, and engineering teams.
Forensics experience, investigating incidents and preserving digital evidence.

Senior Security Operations Engineer

Key skills