Salary
💰 $98,000 - $120,000 per year
Tech Stack
AWS, Azure, Cloud, Docker, Google Cloud Platform, Kubernetes, Python, SQL
About the role
- Oversee security event triage, validation, and response workflows; ensure timely investigation of high-priority alerts and anomalies.
- Collaborate with detection engineering and threat intelligence to refine investigative signals and improve visibility.
- Maintain incident management processes; categorize, document, and escalate incidents as needed, ensuring adherence to playbooks and to applicable compliance frameworks and guidance (CISA, GDPR, NIST, ISO 27001).
- Perform continuous operational improvements: tune detection rules, optimize log ingestion, and enhance alert enrichment pipelines.
- Conduct security gap analysis and work with engineering to improve log collection, normalization, and visibility across environments.
- Lead forensic investigations into intrusions, insider threats, APTs, and account compromises; perform disk, memory, and network forensics.
- Perform log analysis, correlation, and anomaly detection across endpoint, network, and cloud telemetry; use Python and SQL to extract insights from large-scale logs.
- Investigate real-time security incidents and conduct post-incident root cause analysis with documentation and mitigation recommendations.
- Oversee security monitoring operations, optimize SIEM queries, log pipelines, and case management to improve threat visibility.
- Develop playbooks, SOPs, and automated solutions (log parsing scripts, enrichment tools, case correlation) to streamline investigations.
- Build log analysis pipelines, custom detection logic, and scalable solutions for PCAP analysis, network flow monitoring, and cloud event detection.
- Correlate multi-source logs and use threat intelligence APIs (VirusTotal, AbuseIPDB) to enrich investigations and automate IOC processing.
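The last three responsibilities describe one pipeline: parse multi-source telemetry, extract and deduplicate IOCs, enrich them against threat-intelligence sources, and correlate the results into a case that can be escalated. The following is an added example written for this page, not code from the employer or from any product named above. It runs fully offline: the JSON log lines are constructed, and the `REPUTATION` table is a stand-in for the responses a live VirusTotal or AbuseIPDB lookup would return (in production, `enrich()` is where the API call and caching go). It also handles two edge cases a naive regex extractor gets wrong: RFC 1918 addresses are not IOCs, and filenames such as `powershell.exe` look like domains to a domain regex.

```python
"""Added example: offline IOC extraction, enrichment and correlation
over constructed endpoint (EDR), network (netflow, DNS) and cloud
(CloudTrail-style) log lines. Not the employer's code."""
import ipaddress
import json
import re
from collections import defaultdict

# Internal ranges that must never be treated as IOCs (RFC 1918 + loopback).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# File extensions that a domain regex mistakes for TLDs.
FILE_EXT = {"exe", "dll", "ps1", "bat", "js", "py", "txt", "log"}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[a-fA-F0-9]{64}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

# Constructed sample telemetry, one JSON record per line. The hash is a
# placeholder ("deadbeef" * 8), the public IPs are RFC 5737 test ranges.
SAMPLE_LOGS = """\
{"source": "edr", "host": "ws-042", "user": "jdoe", "event": "process", "cmd": "powershell.exe -enc ...", "sha256": "deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef"}
{"source": "netflow", "host": "ws-042", "src": "10.20.0.42", "dst": "203.0.113.77", "dst_port": 443}
{"source": "dns", "host": "ws-042", "query": "update.example-cdn.net", "answer": "203.0.113.77"}
{"source": "cloudtrail", "user": "jdoe", "event": "ConsoleLogin", "src": "198.51.100.9", "result": "Success"}
{"source": "netflow", "host": "ws-017", "src": "10.20.0.17", "dst": "93.184.216.34", "dst_port": 443}
"""

# Constructed reputation data standing in for VirusTotal / AbuseIPDB responses.
REPUTATION = {
    "203.0.113.77": {"provider": "AbuseIPDB", "score": 94, "verdict": "malicious"},
    "update.example-cdn.net": {"provider": "VirusTotal", "score": 12, "verdict": "malicious"},
    "deadbeef" * 8: {"provider": "VirusTotal", "score": 38, "verdict": "malicious"},
}


def is_internal(ip: str) -> bool:
    """True for RFC 1918/loopback addresses and for malformed dotted quads."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # e.g. 999.1.1.1 matches the regex but is not an address
    return any(addr in net for net in INTERNAL_NETS)


def extract_iocs(record: dict) -> set:
    """Pull (type, value) IOCs from every string field of one log record."""
    iocs = set()
    for value in record.values():
        if not isinstance(value, str):
            continue
        for h in SHA256_RE.findall(value):
            iocs.add(("sha256", h.lower()))
        for ip in IPV4_RE.findall(value):
            if not is_internal(ip):
                iocs.add(("ipv4", ip))
        for dom in DOMAIN_RE.findall(value):
            if dom.rsplit(".", 1)[-1].lower() not in FILE_EXT:
                iocs.add(("domain", dom.lower()))
    return iocs


def enrich(value: str) -> dict:
    """Stand-in for a threat-intel API lookup; returns the cached verdict or 'unknown'."""
    return REPUTATION.get(value, {"provider": None, "score": None, "verdict": "unknown"})


def entity_of(record: dict) -> str:
    """Correlation key: the host if known, otherwise the acting user (cloud events)."""
    return record.get("host") or f"user:{record.get('user', 'unknown')}"


def correlate(jsonl: str) -> dict:
    """Group enriched IOCs per entity and track which telemetry sources saw malicious ones."""
    cases = defaultdict(lambda: {"sources": set(), "iocs": {}, "malicious_sources": set()})
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        case = cases[entity_of(rec)]
        case["sources"].add(rec["source"])
        for kind, value in extract_iocs(rec):
            info = enrich(value)
            case["iocs"][value] = {"type": kind, **info}
            if info["verdict"] == "malicious":
                case["malicious_sources"].add(rec["source"])
    return dict(cases)


def triage(cases: dict, min_sources: int = 2) -> list:
    """Escalate entities where malicious IOCs appear in at least min_sources independent sources."""
    return sorted(e for e, c in cases.items() if len(c["malicious_sources"]) >= min_sources)


if __name__ == "__main__":
    cases = correlate(SAMPLE_LOGS)
    for entity, case in cases.items():
        print(entity, sorted(case["sources"]), json.dumps(case["iocs"], indent=1))
    print("escalate:", triage(cases))
```

The escalation rule is deliberately conservative: a single malicious verdict from one source is enrichment, not an incident; the same host showing a flagged hash on the endpoint, a flagged destination in flow data, and a flagged domain in DNS is the kind of cross-source agreement a playbook should promote to a case automatically. Swapping the `REPUTATION` dictionary for real API calls should keep a local cache in front of the providers so repeated IOCs do not burn rate limits during a large investigation.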
Requirements
- 3+ years of experience in incident response, security operations, and forensic analysis.
- Proven ability to lead crisis situations and make data-driven security decisions.
- Strong expertise in incident management, root cause analysis, and forensic investigation methodologies.
- Hands-on experience with SIEM platforms (e.g., ELK or SQL-queryable log stores), SOAR, and EDR (e.g., CrowdStrike) for real-time monitoring and response.
- Expertise in security incident handling for cloud environments (AWS, GCP, Azure) and containerized workloads (Kubernetes, Docker).
- Experience managing large-scale security incidents with effective escalation and business alignment.
- Proficiency in OKR methodologies, Agile workflows, and project prioritization strategies.
- Strong understanding of threat intelligence, attacker tactics (MITRE ATT&CK), and real-world attack chains.
- Proficiency with Python, SQL, and data engineering techniques for large-scale log analysis.
- Participation in a shared on-call rotation with rotating weekend and holiday shifts.
- Nice-to-have: certifications such as GCFA, GNFA, GREM, GCIH, or equivalent.
- Nice-to-have: Familiarity with SOAR platforms and security case management automation.
- Nice-to-have: Experience in Red Teaming, Threat Intelligence, or Malware Analysis.
- Nice-to-have: Understanding of cloud-native security monitoring (AWS, GCP, Azure).