Software Guidance & Assistance, Inc. (SGA) is searching for a Senior Security SOC Engineer for a contract assignment with a premier regulatory client. In this role, you will build robust detection capabilities, lead threat hunting initiatives, and respond to security incidents to protect the organization from cyber threats.
Responsibilities:
- Design, develop, and tune advanced security detection rules and analytics across multiple security platforms (SIEM, EDR, NDR, cloud security tools)
- Develop and maintain detection use cases based on threat intelligence, adversary tactics, and attack frameworks (MITRE ATT&CK)
- Optimize detection logic to reduce false positives while maintaining high detection efficacy
- Configure and tune security tools to improve alert accuracy and operational efficiency
- Continuously monitor security alerts from various security tools (SIEM, IDS/IPS, firewalls, endpoint protection)
- Analyze security alerts and telemetry data to identify patterns, trends, and indicators of compromise
- Identify and analyze potential security threats, incidents, and anomalies
- Lead proactive threat hunting initiatives to identify emerging threats and potential security incidents
- Perform advanced analysis and triage of security incidents, categorizing and prioritizing threats based on severity
- Collaborate with incident response teams to investigate and remediate security events
- Collect and review relevant logs, evidence, and data to assess the impact of security incidents
- Escalate critical incidents to lead engineers and coordinate response efforts
- Create comprehensive incident reports and documentation
- Stay current with emerging threats, vulnerabilities, and security technologies
- Implement and integrate threat intelligence feeds into monitoring systems
- Participate in purple team exercises to validate and enhance detection capabilities
- Contribute to post-incident reviews to identify lessons learned and improve response strategies
- Improve detection coverage based on incident learnings and threat landscape evolution
- Create and maintain comprehensive documentation for detection rules, playbooks, and response procedures
- Mentor junior security engineers and share expertise across the security operations team
- Collaborate with SOC leadership, IT teams, and other departments to ensure comprehensive security coverage
- Contribute to security status reports, dashboards, and executive briefings
Requirements:
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience)
- 7+ years of experience in security operations, threat detection, or security engineering
- Strong expertise with SIEM platforms (Splunk, Elastic, Sentinel, or similar)
- Proficiency in query languages (SPL, KQL, SQL) and scripting languages (Python, PowerShell)
- Deep understanding of the MITRE ATT&CK framework and adversary tactics, techniques, and procedures
- Experience with EDR/XDR platforms and log analysis
- Strong knowledge of network protocols, operating systems, and security architectures
- Understanding of threat intelligence integration and application
- Excellent analytical and problem-solving skills
- Strong communication skills with the ability to articulate technical concepts to various audiences
- Advanced security certifications (GCDA, GCIA, GCFE, CEH, CISSP, or similar)
- Experience with cloud security platforms (AWS, Azure, GCP)
- Background in malware analysis or digital forensics
- Experience with automation and orchestration tools (SOAR platforms)
- Knowledge of machine learning applications in security detection
- Contribution to open-source security projects or research