Operate and tune enterprise security tools (EDR, SIEM/SOAR, WAF/proxy, email security).
Manage proxy filtering policies, exceptions, SSL inspection, and performance troubleshooting.
Build automation and playbooks (Python/PowerShell, SOAR, APIs) to streamline SecOps tasks.
Implement CI/CD pipelines and Infrastructure-as-Code workflows for consistent, auditable security configuration changes.
Author and tune detection rules; improve signal quality and reduce false positives.
Maintain and author health dashboards, uptime/coverage metrics, and change governance documentation.
Conduct knowledge transfers through runbooks, how-to guides, tabletop exercises, and lunch & learn training sessions.
Maintain upgrade schedules, license compliance, configuration baselines, and key/secret rotations.
Analyze block events for false positives; measure impact; retire exceptions on schedule and report residual risk.
Build and maintain an automation backlog in partnership with SecOps, prioritizing high-frequency, high-toil tasks.
Provide on-call support for tooling availability and ingestion/normalization issues.
Report on metrics (uptime, coverage, MTTR, lead time, change success rate, exception aging).

Requirements

Bachelor’s degree in computer science, Information Systems, Data Science or closely related field of study or equivalent experience
Minimum 2 years of experience in cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), operations incident response, network security or security engineering
Basic experience administering, deploying and managing security tools.
Basic experience operating WAF/proxy and SIEM/SOAR.
Scripting in Python and/or PowerShell and building API integrations; JSON/YAML proficiency.
CI/CD and Git workflows; Infrastructure-as-Code for security configurations.
Basic understanding of TLS/SSL, HTTP, identity-aware policies, and egress/ingress routing.
Documentation discipline and change management (ITIL basics).
Ability to produce formal and informal reports, briefings, and analysis of security controls.
Experience with Endpoint Detection and Response (EDR) or Intrusion Detection System or Intrusion Prevention System (IDS/IPS) monitoring tools.
Understanding of MITRE ATT&CK Framework and Cyber Kill Chain flow
Understanding of incident response processes and risk management.

Benefits

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

PythonPowerShellAPIsCI/CDInfrastructure-as-CodeJSONYAMLanomaly detectionsecurity incident and event management (SIEM)network security

Soft Skills

documentation disciplinechange managementreportinganalysisknowledge transfertrainingtroubleshootingcommunication