Calian Group is seeking a Lead Security Engineer to serve as the technical authority and Incident Commander for high-severity security events across their client base. This hands-on leadership role requires deep expertise in CrowdStrike Falcon and NGSIEM, with responsibilities including coordinating response efforts, driving detection maturity, and mentoring team members.
Responsibilities:
- Serve as Incident Commander for high-severity and complex security incidents
- Lead coordinated response efforts across SOC analysts, engineers, and client stakeholders
- Establish investigation strategy, task delegation, and communication cadence
- Drive containment, eradication, and recovery decisions
- Conduct post-incident reviews and root cause analysis
- Deliver executive-level incident briefings to clients
- Architect and optimize CrowdStrike NGSIEM environments
- Develop and tune detection logic within NGSIEM
- Design ingestion strategies aligned with MSSP scale and cost efficiency
- Leverage Falcon telemetry for deep endpoint investigations
- Perform advanced query development and threat hunting
- Identify telemetry gaps and improve detection coverage
- Investigate incidents across:
  - Endpoint (CrowdStrike Falcon and other supported platforms)
  - SIEM (NGSIEM and other supported platforms)
  - Identity providers
  - Firewall and network telemetry
  - Cloud platforms (AWS/Azure/GCP)
- Correlate signals across disparate systems to build complete attack narratives
- Support integration efforts with SOAR platforms
- Develop detection strategies aligned to MITRE ATT&CK
- Conduct proactive threat hunts
- Reduce false positives through rule refinement
- Collaborate with automation engineering to improve IR workflows
- Participate in on-call rotation for high-severity incidents
- Provide after-hours escalation support
- Lead response during active security events regardless of time zone
- Ensure incident documentation meets quality standards
- Mentor the analyst and engineering teams
- Establish investigation standards and quality benchmarks
- Improve escalation pathways
- Contribute to SOC maturity initiatives
- Other duties as required within the context of the role
Requirements:
- 10+ years in cybersecurity operations, incident response, or security engineering
- 4+ years hands-on experience with CrowdStrike Falcon Platform
- Demonstrated experience serving as Incident Commander or IR Lead
- Experience designing or deploying security technologies
- Strong endpoint forensics and telemetry analysis capabilities
- Excellent written and verbal communication skills (technical and executive-level)
- Direct experience with CrowdStrike NGSIEM (strongly preferred)
- Experience in MSSP or multi-client environments preferred
- Experience in architecting SIEM ingestion strategies
- Experience deploying EDR at scale
- Familiarity with SOAR platforms
- Experience integrating identity and cloud telemetry into SIEM
- Knowledge of MITRE ATT&CK
- Background in threat hunting and adversary emulation
- Experience building API integrations (preferred)