Softheon

Security Operations Engineer

Softheon

full-time

Posted on:

Origin: United States


Salary

💰 $101,000 - $131,000 per year

Job Level

Mid-Level, Senior

Tech Stack

Azure, Cloud, Cyber Security, Docker, Kubernetes, Linux, Python

About the role

  • Security Operations Engineer at Softheon strengthens cloud and hybrid security posture with Microsoft Defender, Sentinel, and cloud-native tools.
  • Collaborates with Cloud Security, Compliance, DevOps, and Engineering to embed security across the organization.
  • Maintains regulatory compliance (HIPAA, SOC 2) and advances security automation for Azure and SaaS.
  • You will lead security improvements across Azure and Zero Trust initiatives, design secure architectures, deploy policy as code, and harden CSPM/CASB tooling.
  • Requires strong self-direction, problem-solving, team-first mentality; guards integrity, confidentiality, availability of Softheon’s healthtech SaaS ecosystem.

Requirements

  • Proactively research and identify opportunities to strengthen Softheon’s cloud and hybrid security posture, with emphasis on Microsoft Azure environments and Zero Trust principles.
  • Collaborate cross-functionally with IT, DevOps, and Cloud Security teams to design and implement scalable, secure architectures aligned with security best practices and compliance frameworks (HIPAA, SOC 2, PCI).
  • Engineer and deploy advanced security controls including detection-as-code and policy-as-code initiatives such as Azure Policy, Kusto Query Language (KQL), and Microsoft Conditional Access policies.
  • Support the operationalization of new security tools and features, contributing to the evolution of next-gen automation and security infrastructure across Azure and SaaS platforms.
  • Harden and optimize the organization's CSPM and CASB tools to improve cloud threat detection, enforce security policies, and ensure continuous compliance across hybrid-cloud environments.
  • Administer Microsoft Sentinel, Microsoft Defender XDR, and related security tools for real-time alerting, correlation, and response to potential threats.
  • Respond to escalated incidents based on severity and business impact; coordinate with Cloud and Compliance teams for cross-functional incident response.
  • Maintain and optimize infrastructure monitoring and centralized dashboards to provide operational awareness across cloud and on-prem environments.
  • Develop automation and SOAR playbooks (e.g., LogicApps, Sentinel automation rules) to collect security metrics and reduce mean time to detect/respond (MTTD/MTTR).
  • Continuously assess alert quality and detection fidelity, tuning signals and rules to balance noise reduction and comprehensive coverage.
  • Partner with Compliance, GRC, and Legal stakeholders to ensure technical security controls align with regulatory frameworks including HIPAA, SOC 2, HITRUST, PCI DSS, and ISO 27001.
  • Implement and document technical evidence for audits, contributing to readiness for external assessments and client security reviews.
  • Collaborate on POA&M items, vulnerability remediation, and continuous monitoring activities to meet CMS and audit board standards.
  • Maintain automation and documentation pipelines that support recurring assessments and enforce policy-as-code for compliance enforcement.
  • Conduct proactive security assessments and architectural reviews in collaboration with internal teams to identify gaps and drive technical remediation strategies.
  • Develop and maintain real-time security dashboards using metrics from tools like Microsoft Sentinel and Defender, providing actionable visibility into threat trends, posture, and remediation status.
  • Deliver structured reporting on KPIs such as incident response times, alert fidelity, and control coverage to inform both technical teams and executive stakeholders.
  • Design, lead, and manage organization-wide security education initiatives, including phishing simulation campaigns, targeted training modules, and awareness outreach.
  • Collaborate with HR and compliance to ensure training aligns with regulatory frameworks (HIPAA, PCI, etc.) and supports cultural adoption of security best practices.
  • Use metrics to evaluate program effectiveness, adjusting content based on incident trends, user behavior, and regulatory needs.
  • Identify and drive enhancements to internal security processes, focusing on automation, standardization, and operational efficiency.
  • Develop and refine internal tooling, scripts, and workflows to support proactive threat detection, remediation, and audit-readiness.
  • Collaborate cross-functionally to ensure optimized procedures align with both business objectives and regulatory mandates.
  • Collaborate seamlessly with technical and non-technical teams, translating security objectives into actionable initiatives across departments.
  • Demonstrate flexibility and adaptability in a dynamic environment, adjusting to evolving priorities, regulatory changes, and organizational needs.
  • Serve as a liaison between engineering, compliance, product, and operations teams to ensure security is embedded across the business lifecycle.
  • Operate with a high degree of independence, consistently demonstrating initiative and ownership in addressing security challenges.
  • Proactively identify and resolve issues without waiting for direction, contributing to a resilient and secure infrastructure.
  • Exhibit sound judgment and accountability in a fast-paced environment with minimal supervision.
  • Partner with the Talent team to support recruitment efforts, including participation in interviews and evaluating candidates for technical and cultural fit.
  • Leverage industry knowledge and professional networks to identify and attract high-caliber talent that supports organizational growth.
  • Mentor and provide technical guidance to peers across the team, fostering a collaborative and growth-oriented environment.
  • Champion and contribute to a positive organizational culture by promoting the company’s core values and encouraging cross-functional engagement and teamwork.
  • Participate in an on-call rotation during peak operational periods, providing responsive support outside standard business hours to ensure rapid resolution of critical security issues.
  • Although the role is primarily remote, in-person attendance at company headquarters is required approximately twice per year for strategic planning, collaboration, and team-building activities. Travel arrangements will be coordinated to ensure a seamless experience.
  • 5% travel is required.
  • Availability during Eastern Time working hours (9:00 AM – 6:00 PM ET) is required to maintain alignment with business operations and team collaboration.
  • The candidate must reside in the Eastern or Central time zone to support team cohesion and coverage expectations.
  • Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field.
  • SC-200 certification required prior to start date.
  • CompTIA Security+ is preferred.
  • Minimum of 4 years of hands-on experience in a Security Operations role, ideally in a mid-level engineering capacity.
  • At least 2 years of experience working directly with Azure security tools and environments.
  • Proven production experience using Microsoft Defender 365.
  • Strong proficiency with Linux and Windows operating systems, including system hardening and secure configuration practices.
  • Understanding of Git and CI/CD pipelines, including best practices for securing source control and deployment workflows.
  • Familiarity with container security and orchestration platforms such as Docker, Kubernetes, and EKS.
  • Hands-on experience with SIEMs (especially Sentinel), Azure Security Center, compliance tools, and offensive security tools like Kali Linux.
  • Understanding of web application security concepts including HTTPS, security headers, OWASP Top 10, WAFs, and certificate management.
  • Proficiency in log analysis, detecting abnormal system and network behavior, and performing basic forensic investigations.
  • Strong understanding of foundational security concepts including Least Privilege, Role-Based Access Control (RBAC), Zero Trust, and network segmentation.
  • Familiarity with Zscaler technologies and their role in secure internet access, application access, and zero trust implementations.
  • AZ-500, CompTIA Security+, SSCP, CSA, CSOP, or other relevant security credentials.
  • Experience or interest in scripting for automation using tools like PowerShell, Python, or similar.
  • Demonstrated accuracy in incident response and forensic documentation.
  • Strong problem-solving abilities to identify root causes and develop mitigation strategies.
  • Eagerness to learn and adjust to evolving threats, technologies, and organizational priorities.