Key skills
AWSAzureIncident responseThreat huntingSIEMCloud securityScriptingRisk management frameworksAnalytical skillsAutomation technologiesCompliance standardsOperational documentationCommunication skillsProblem-solving skillsPythonPowerShellTerraformCloudFormationRisk ManagementCommunicationCloud Security
About this role
SitusAMC is where the best and most passionate people come to transform our client’s businesses and their own careers. The Security Operations Engineer is responsible for executing hands-on security operations to protect the organization’s cloud environments, systems, and data, focusing on detecting, validating, and responding to security threats.
Responsibilities:
- Monitor, investigate, and respond to security alerts across cloud, endpoint, network, and identity platforms, validating threats and determining appropriate response actions
- Execute mitigation and remediation actions within AWS and Azure environments, including access revocation, configuration changes, policy updates, and resource isolation
- Build, tune, and maintain detections in SIEM, EDR, and cloud-native security tools to improve alert fidelity and reduce noise
- Materially contributes to incident response activities, including triage, containment, eradication, recovery, and post-incident lessons learned
- Perform root-cause analysis on security incidents and near-misses and drive corrective actions to prevent recurrence
- Develop, maintain, and execute security runbooks, response playbooks, and operational documentation to ensure consistent and repeatable response
- Implement and support automation and response workflows using scripting, APIs, and cloud-native tooling to reduce MTTR
- Partner with cloud, infrastructure, and application teams to remediate findings, harden systems, and reduce attack surface
- Support threat hunting activities using logs, telemetry, and attacker TTPs to identify suspicious or malicious behavior not detected by existing alerts
- Assist with vulnerability management, including validation of findings, prioritization based on risk, and remediation tracking
- Monitor cloud environments for misconfigurations, control failures, and drift, and take corrective action as required
- Contribute to tabletop exercises, purple team activities, and continuous defensive improvement efforts
- Stay current with emerging threats, technologies, and industry best practices, recommending strategies to evolve the organization’s security defenses
- Other activities as may be assigned by your manager
Requirements:
- Bachelor's degree in information security, Computer Science, or related field (or equivalent experience)
- Experienced professional with 5+ years of industry and/or relevant experience, typically at a Senior Analyst or Analyst level role or external equivalent
- Strong knowledge of SIEM, DLP, e-mail security, endpoint security, and cloud security technologies
- Hands-on experience securing and operating within AWS and Azure environments, including identity, networking, and native security services
- Working knowledge of infrastructure-as-code, scripting, or automation technologies (e.g., Terraform, CloudFormation, PowerShell, Python, or similar)
- Ability to execute security remediation actions using cloud consoles, APIs, and automation tools
- Expertise in incident response, threat hunting, and security operations
- Familiarity with risk management frameworks and compliance standards (NIST, CIS, etc.)
- Excellent problem-solving, analytical, and communication skills
- 3-5 years of professional experience in information security with progressive responsibility preferred
- Relevant certifications such as Security+, CySA+, GCIA, GCIH, AWS Certified Security – Specialty, Azure Security Engineer (AZ-500), SC-200, or equivalent cloud and security operations certifications are strongly preferred