Senior Security Engineer

GXA

Security Engineer responsible for gShield security services operation, incident response, and improving client security posture. Leading technical analysis and collaborating with InfoSec teams.

Posted 6/14/2026contractRemote • 🇵🇰 PakistanSeniorWebsite

Tech Stack

Tools & technologies

Cyber Security

About the role

Key responsibilities & impact

Serve as a Tier 3 escalation point for active security incidents, including business email compromise (BEC), adversary-in-the-middle (AiTM), ransomware, and account compromise.
Lead technical analysis during incident response and war room events, including log review, IOC hunting, and lateral movement tracing.
Execute containment and eradication actions such as endpoint isolation, session revocation, and credential resets.
Coordinate with SOC teams and vendor threat intelligence teams during active investigations and containment efforts.
Produce accurate incident timelines, technical findings, and evidence packages for vCISO review and client-facing follow-up.
Operate daily within the gShield toolstack, including platforms such as Huntress, Microsoft Defender for Endpoint (MDE), Cyrisma, DNSFilter, SIEM, and related security technologies.
Perform alert triage, risk identification, scan issue resolution, and follow-through on issues surfaced by security tools.
Support SIEM operations including query development, alert review, and rule tuning.
Assist in tuning detection logic, scan settings, and platform effectiveness in coordination with Centralized Services and security leadership.
Monitor for security gaps, suspicious activity, and control weaknesses across managed environments.
Execute technical remediation items identified through MRMMs, preventative actions, vulnerability reviews, and security recommendations.
Support gShield deliverables through technical validation, evidence gathering, scan review, and vulnerability analysis.
Act as a quality assurance resource for client onboarding into the gShield toolstack, while execution remains with onboarding and Centralized Services teams.
Assist with client hardening efforts and follow-through on security improvement actions across managed environments.
Support remediation of internal GXA security backlog items, including POA&M-related work.
Assist with rollout and support of phishing-resistant MFA, passkeys, and other internal security initiatives.
Contribute to security engineering efforts related to Intune, Defender, ThreatLocker, AppLocker, and RMM scripting.
Help improve internal security controls, tool effectiveness, and technical enforcement mechanisms.
Write and maintain security engineering SOPs, runbooks, detection playbooks, and response procedures related to gShield operations and incident response.
Document technical findings, repeatable procedures, and lessons learned from incidents and tool operations.
Collaborate with security leadership and technical stakeholders on process improvements, skill development, and automation opportunities.
Contribute technical depth to broader security documentation where needed, while recognizing that ownership of policy, standards, and governance documentation remains with security leadership and related functions.

Requirements

What you’ll need

5–7+ years of experience in cybersecurity, security operations, security engineering, or incident response roles.
Strong hands-on experience with incident response, threat detection, and security operations workflows.
Experience working with security platforms such as Microsoft Defender, Huntress, DNSFilter, SIEM solutions, vulnerability management tools, and endpoint security technologies.
Ability to investigate security alerts, analyze logs, trace attacker activity, and support containment and remediation.
Familiarity with common attack types including phishing, BEC, account compromise, ransomware, and identity-based attacks.
Experience supporting security controls in Microsoft 365 and endpoint environments.
Strong documentation skills and ability to write clear technical procedures and findings.
Ability to work calmly and methodically during active incidents and escalations.
Strong collaboration and communication skills with both internal teams and leadership stakeholders.
Experience in an MSP, MSSP, or multi-client environment.
Familiarity with Intune, Microsoft Defender, AppLocker, ThreatLocker, and RMM-based scripting or automation.
Understanding of CIS benchmarks, security hardening standards, and configuration drift monitoring.
Experience supporting vulnerability remediation and technical aspects of vCISO or managed security programs.
Security certifications such as Security+, CySA+, SC-200, SC-300, AZ-500, GCIH, GCIA, or similar are a plus.

Benefits

Comp & perks

🌐 Worldwide ❌ Jobs You've Hidden ⭐️ Saved Jobs ✅ Applied Jobs ✉️ Email Alerts 👤 Account GXA Website LinkedIn All Job Openings 11 - 50 employees Founded 2004 ☁️ SaaS 🔒 Cybersecurity 🤝 B2B SaaS
Cybersecurity
B2B GXA is an IT services company based in the Dallas-Fort Worth Metroplex, Texas, providing comprehensive solutions such as managed IT, cybersecurity, network security, and IT consulting. With 16 years of experience, GXA serves various industries including charter schools, commercial real estate, manufacturing, and nonprofits. The company emphasizes customized IT solutions to help businesses manage their IT operations effectively and securely. GXA is committed to high standards in information security, holding certifications like SOC 2 Type II and ISO 9001, to ensure the protection and efficiency of their client's technology infrastructures. Serving both commercial and government clients, GXA strives to improve technology experiences and resolve IT challenges, enhancing the productivity and security of Texas businesses. Senior Security Engineer Job not on LinkedIn 🔥 12 minutes ago 🇵🇰 Pakistan – Remote ⏳ Contract/Temporary 🟠 Senior 👮‍♂️ Cybersecurity / Security Engineer Cyber Security Apply Now Find Hiring Managers Customize resume + cover letter Report problem ☆ Save ☑️ Mark as applied ❌ Hide 📋 Description
Serve as a Tier 3 escalation point for active security incidents, including business email compromise (BEC), adversary-in-the-middle (AiTM), ransomware, and account compromise.
Lead technical analysis during incident response and war room events, including log review, IOC hunting, and lateral movement tracing.
Execute containment and eradication actions such as endpoint isolation, session revocation, and credential resets.
Coordinate with SOC teams and vendor threat intelligence teams during active investigations and containment efforts.
Produce accurate incident timelines, technical findings, and evidence packages for vCISO review and client-facing follow-up.
Operate daily within the gShield toolstack, including platforms such as Huntress, Microsoft Defender for Endpoint (MDE), Cyrisma, DNSFilter, SIEM, and related security technologies.
Perform alert triage, risk identification, scan issue resolution, and follow-through on issues surfaced by security tools.
Support SIEM operations including query development, alert review, and rule tuning.
Assist in tuning detection logic, scan settings, and platform effectiveness in coordination with Centralized Services and security leadership.
Monitor for security gaps, suspicious activity, and control weaknesses across managed environments.
Execute technical remediation items identified through MRMMs, preventative actions, vulnerability reviews, and security recommendations.
Support gShield deliverables through technical validation, evidence gathering, scan review, and vulnerability analysis.
Act as a quality assurance resource for client onboarding into the gShield toolstack, while execution remains with onboarding and Centralized Services teams.
Assist with client hardening efforts and follow-through on security improvement actions across managed environments.
Support remediation of internal GXA security backlog items, including POA&M-related work.
Assist with rollout and support of phishing-resistant MFA, passkeys, and other internal security initiatives.
Contribute to security engineering efforts related to Intune, Defender, ThreatLocker, AppLocker, and RMM scripting.
Help improve internal security controls, tool effectiveness, and technical enforcement mechanisms.
Write and maintain security engineering SOPs, runbooks, detection playbooks, and response procedures related to gShield operations and incident response.
Document technical findings, repeatable procedures, and lessons learned from incidents and tool operations.
Collaborate with security leadership and technical stakeholders on process improvements, skill development, and automation opportunities.
Contribute technical depth to broader security documentation where needed, while recognizing that ownership of policy, standards, and governance documentation remains with security leadership and related functions. 🎯 Requirements
5–7+ years of experience in cybersecurity, security operations, security engineering, or incident response roles.
Strong hands-on experience with incident response, threat detection, and security operations workflows.
Experience working with security platforms such as Microsoft Defender, Huntress, DNSFilter, SIEM solutions, vulnerability management tools, and endpoint security technologies.
Ability to investigate security alerts, analyze logs, trace attacker activity, and support containment and remediation.
Familiarity with common attack types including phishing, BEC, account compromise, ransomware, and identity-based attacks.
Experience supporting security controls in Microsoft 365 and endpoint environments.
Strong documentation skills and ability to write clear technical procedures and findings.
Ability to work calmly and methodically during active incidents and escalations.
Strong collaboration and communication skills with both internal teams and leadership stakeholders.
Experience in an MSP, MSSP, or multi-client environment.
Familiarity with Intune, Microsoft Defender, AppLocker, ThreatLocker, and RMM-based scripting or automation.
Understanding of CIS benchmarks, security hardening standards, and configuration drift monitoring.
Experience supporting vulnerability remediation and technical aspects of vCISO or managed security programs.
Security certifications such as Security+, CySA+, SC-200, SC-300, AZ-500, GCIH, GCIA, or similar are a plus. Apply Now 📊 Check your resume score for this job Improve your chances of getting an interview by checking your resume score before you apply. Check Resume Score 🌐 Worldwide Built by Lior Neu-ner. I'd love to hear your feedback — Get in touch via DM or support@remoterocketship.com Search Search Jobs by country Search jobs by city Search jobs by job title Search entry-level jobs Search junior-level jobs Search senior-level jobs Search jobs by tech stack Search jobs by contract type Search remote internships Search remote part-time jobs Remote jobs Anywhere in the World Companies Hiring Anywhere in the World Companies Hiring Sales People Anywhere in the World Companies Hiring Software Engineers Anywhere in the World Resources Advice Tips for finding remote jobs Interview questions and answers Resume examples Cover letter examples Post a job Affiliates Privacy policy Terms of service Job board SEO course AI Apply Copilot OpenClaw job finder Jobs by Country Remote jobs anywhere in the world (Worldwide remote jobs) Remote jobs United States Remote jobs Australia Remote jobs Brazil Remote jobs Canada Remote jobs France Remote jobs Ireland Remote jobs Germany Remote jobs Netherlands Remote jobs Spain Remote jobs UK Popular Jobs Remote data analyst jobs Remote customer support jobs Remote executive assistant jobs Remote marketing jobs Remote product designer jobs Remote product manager jobs Remote project manager jobs Remote recruiter jobs Remote sales jobs Remote software engineer jobs Jobs by Type Remote full-time jobs Remote part-time jobs Remote contract jobs Remote internship jobs Remote entry-level jobs Remote jobs with no experience required Remote junior jobs (1-3 years of experience) Digital nomad jobs Remote jobs with no degree required Freelance remote jobs Temporary remote jobs Remote jobs hiring now Stay at home mom jobs

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

incident responsethreat detectionsecurity operationslog analysisIOC huntinglateral movement tracingvulnerability managementtechnical remediationsecurity hardeningdocumentation

Soft Skills

collaborationcommunicationcalmness under pressuremethodical approachtechnical writing

Certifications

Security+CySA+SC-200SC-300AZ-500GCIHGCIA