Key skills
SIEMIncident investigationThreat detectionSecurity operationsCybersecurity degreeGCIH certificationAzure Security EngineerAWS Security certificationNetwork fundamentalsThreat huntingOperational documentationMentorshipAnalyticsAWSAzureLeadershipCommunicationNetwork SecurityCloud Security
About this role
DYOPATH is looking for a SNOC Engineer III (Security) who thrives on advanced problem-solving and technical leadership in a fast-paced security operations environment. The role involves driving continuous improvement in security operations, serving as a primary escalation point for complex security incidents, and providing mentorship to junior engineers.
Responsibilities:
- Drive continuous improvement within SNOC security operations by identifying opportunities to enhance monitoring, response workflows, automation, and operational efficiency
- Serve as the primary escalation point for complex security incidents, providing advanced technical analysis and resolution support to the SNOC engineering team
- Support the development and maintenance of operational documentation including security runbooks, incident response procedures, investigation guides, and knowledge base articles
- Identify and analyze potential security risks, vulnerabilities, and suspicious activity across network, system, endpoint, identity, and cloud environments, recommending remediation actions
- Assist in strengthening security monitoring capabilities by improving detection logic, tuning alerts, and contributing to SIEM analytics rules and automation workflows
- Provide mentorship and technical guidance to junior SNOC engineers during investigations, troubleshooting, and incident response activities
- Support security compliance initiatives by ensuring operational activities, incident investigations, and response actions are properly documented to support audits and reporting
- Participate in validation and testing of incident response procedures, disaster recovery plans, and operational readiness exercises
- Act as the technical lead for high-severity security incidents, coordinating investigation activities and guiding containment, eradication, and recovery efforts
- Perform advanced threat analysis using SIEM, EDR, identity protection, and network telemetry platforms to identify malicious or suspicious activity
- Investigate complex security alerts and correlated incidents across endpoint, identity, email, cloud, and network security platforms
- Develop and refine detection capabilities including SIEM analytics rules, threat hunting queries, alert enrichment logic, and automated response playbooks
- Provide escalation support during major incidents, assisting with root cause analysis, containment strategies, and post-incident documentation
- Collaborate with engineering, infrastructure, and client teams to implement remediation actions and long-term risk mitigation strategies
- Support onboarding and integration of security telemetry from new platforms and security technologies into the monitoring environment
- Ensure security investigations, incidents, and operational actions are accurately documented within ticketing and case management systems
Requirements:
- Bachelor's degree in Cybersecurity, Information Technology, or related field preferred (or equivalent experience)
- Advanced knowledge of security operations, incident investigation, and threat detection methodologies
- Experience with SIEM and security monitoring platforms such as Microsoft Sentinel, Wazuh, SentinelOne, or similar technologies
- Strong understanding of networking fundamentals, endpoint security, identity protection, and cloud security environments (Azure, AWS, or similar)
- Experience performing advanced log analysis, threat hunting, and alert triage across multiple telemetry sources
- Ability to troubleshoot complex security issues and provide leadership during high-severity operational events
- Strong written and verbal communication skills for both internal operational documentation and client-facing discussions
- Experience improving security monitoring through detection engineering, alert tuning, and security automation
- Familiarity with security frameworks, compliance standards, and operational security best practices
- Preferred professional certifications: GIAC (GCIH, GCIA, GCFA), CompTIA CySA+ or CASP+, Microsoft Certified: Azure Security Engineer Associate, AWS Certified Security – Specialty, Cisco CCNP or equivalent