Develop, tune, and maintain SIEM detections, SOAR automations, processes, and playbooks to improve detection accuracy and response efficiency.
Monitor, analyze, and triage security alerts, logs, and telemetry to identify threats, suspicious activity, and opportunities for improved visibility.
Partner with diverse teams to support incident response, including investigation, containment, remediation, and post-incident reviews.
Continuously refine alerting logic to reduce false positives and improve the signal-to-noise ratio across security tools and platforms.
Collaborate with engineering and operations teams to ensure logging, monitoring, and security controls are properly implemented and aligned with best practices.
Evaluate and optimize security technologies to improve automation, detection coverage, and operational efficiency.
Contribute to threat modeling and detection engineering efforts by researching emerging threats, attacker techniques, and relevant security trends.
Assist with compliance, audit, and risk assessment activities by providing evidence, documentation, and remediation guidance.
Maintain and update security documentation, including operational procedures, architecture diagrams, and response playbooks.
Participate in the on-call rotation to provide timely incident response, including triage, investigation, containment, and escalation of security events.
Requirements
3+ years of experience in security operations, detection engineering, cybersecurity engineering, or a related technical discipline.
Hands-on experience with SIEM/SOAR platforms, including alert creation, tuning, automation workflows, and log onboarding.
Strong understanding of security monitoring concepts, attacker TTPs, and frameworks such as MITRE ATT&CK.
Experience with cloud environments (Azure, AWS, or GCP) and cloud-native logging, monitoring, and security controls.
Proficiency with scripting or programming languages (YARA-L, Python, PowerShell, etc.) for automation, data analysis, and tool integration.
Familiarity with incident response processes, vulnerability management, and security architecture fundamentals.
Security certifications such as CySA+, GSEC, GCIA, GMON, CEH, CCSP, or CISSP are strongly preferred.
Experience working in agile, DevSecOps, or high-velocity operational environments.
Tech Stack
AWS
Azure
Cloud
Cyber Security
Google Cloud Platform
Python
Benefits
18 days PTO*
11 Holidays (8 company recognized & 3 floating holidays)
16 hours per year of paid Volunteer Time Off (VTO)
Competitive Healthcare
401(k) Match: 100% match on the first 3% of your salary, plus 50% match on the next 2%
Parental Leave: 8 weeks 100% paid by AvidXchange**
Discounts on Pet, Home, and Auto insurance
Free parking
Tuition Reimbursement up to the federal maximum of $5,250***