Lead security incident investigations and ensure timely containment, root cause analysis, and cross-team collaboration.
Provide expert guidance on SIEM strategy, detection logic, and associated security technologies (EDR, email/web gateways, cloud controls).
Standardize and refine monitoring workflows to improve signal quality, reduce false positives, and expand visibility across the environment.
Leverage data from diverse sources (logs, telemetry, threat intel, case history) to identify patterns, emerging issues, and potential business impacts.
Develop, drive, and execute recommendations—technical or professional—that shape both short-term defensive actions and longer-term operational strategy.
Boost SOC effectiveness by implementing new tools, automation, AI-powered processes, and optimized playbooks supported by clear performance metrics.
Anticipate what’s next by actively monitoring emerging threats and regulatory changes that affect the company.
Mentor and elevate teammates by sharing expertise, modeling strong communication under pressure, and supporting a culture of learning within the SOC.
Collaborate closely with Technology teams, Legal/Privacy, Risk & Compliance, vendors, and third-party service providers.
Act as a subject matter expert for technology, policy, and regulatory topics in your area.
Maintain relevant professional certifications and stay current through conferences and ongoing professional development.
Advise peers and leadership on emerging risks, best practices, and operational implications.

Requirements

Bachelor’s Degree in Computer science , management information systems, cybersecurity, or equivalent experience
7-10 years experience Security Operations, incident response, Windows, Linux, cloud, SIEM, EDR, firewalls, email gateways
Security & Incident Event Management (SIEM)
Endpoint Detection & Response (EDR)
Secure email gateways
Query-building
Detection Engineering
Threat Hunting
Experience with MITRE ATT&CK mapping and detection engineering workflows
Cloud and identity investigation experience (e.g. identity compromise and bypass techniques)
Exposure to SOAR automation, playbook development, or case management platforms
Data pipeline and storage expertise (e.g. event and log data parsing)
Security+ (preferred not required)
CISSP (preferred not required)
GIAC (preferred not required)
Vendor certifications (preferred not required)

Benefits

incentive
equity
benefits

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Security Operationsincident responseWindowsLinuxcloudSIEMEDRfirewallsemail gatewaysdetection engineering

Soft Skills

communication under pressurementoringcollaborationcross-team collaborationexpert guidancesupporting a culture of learningadvising peers and leadership

Certifications

Security+CISSPGIAC