Sr Cybersecurity IR Engineer

2 days ago


Cedar Park, TX, United States Firefly Aerospace Full time
ABOUT FIREFLY AEROSPACE
As an end-to-end responsive space company, Firefly Aerospace is on a mission to enable our world to launch, land, and operate in space - anywhere, anytime. Our small- to medium-lift launch vehicles, lunar landers, and orbital vehicles allow us to service the entire lifecycle of government and commercial missions from low Earth orbit to the Moon and beyond. We utilize carbon composite structures, patented propulsion technologies, and common components across our vehicles to iterate quickly, improve reliability, and deliver payloads at a lower cost.

SUMMARY
As a Senior Incident Response Engineer (Detection & Response) at Firefly, you will own triage, threat hunting, investigation, containment, and reporting for our security alerts and user-reported phishing. You will turn alerts from world-class systems into decisive outcomes, tune detections to reduce noise, and build custom rules and safeguards to protect Firefly data (including CUI) in alignment with compliance requirements. You will collaborate closely with Cybersecurity engineers, our GRC team, and a security operations engineer focused on dashboards/automation, using Python and Bash to streamline response and improve time-to-containment.

RESPONSIBILITIES

Alert Triage, Incident Response & Threat Hunting:
  • Monitor and triage alerts from SIEM, EDR, Identity Protection, and risky-user analytics; determine severity, scope, and next actions.
  • Proactive threat hunting: develop hypotheses, pivot through endpoint/identity/cloud/email telemetry (e.g., FQL/KQL), enrich with intel, validate findings, and convert successful hunts into durable detections/runbooks.
  • Execute and coordinate containment/eradication (host isolation, process kill, account disable, token/session revocation, conditional access changes, email purge) and handoffs to platform owners when needed.
  • Operate the user-reported phishing pipeline end-to-end (header analysis, safe detonation, artifact extraction); orchestrate tenant-wide purge and user notifications; feed outcomes into awareness and detection tuning.
  • Preserve evidence, maintain timelines, and drive root-cause analysis with clear communications to stakeholders.
  • Track and improve MTTD/MTTR; participate in a light on-call rotation for priority incidents.
Detection Engineering & SIEM Content:
  • Write and tune detections, watchlists, and anomaly rules to reduce false positives and increase coverage on high-impact TTPs.
  • Build dashboards and alert pipelines in NG-SIEM; adopt detection-as-code practices (Git PRs, versioning, testing).
CUI Protection & Compliance Enablement:
  • Implement and tune data loss prevention (DLP), labeling, and auto-classification controls for Firefly data; create detections for data mishandling and exfiltration paths.
  • Produce incident documentation aligned to NIST SP 800-171/CMMC (e.g., incident handling, monitoring, reporting evidence) and support audits/tabletops.
Automation & Tool Development:
  • Develop Python/Bash utilities to accelerate triage, enrichment, and evidence collection; partner with the security operations engineer to productionize repeatable workflows.
  • Integrate playbooks and scripts into existing pipelines to remove toil and improve consistency.
Documentation & Knowledge Management:
  • Create and maintain IR runbooks, playbooks, and post-incident report templates; deliver concise executive summaries and technical post-mortems.
  • Mentor junior responders and contribute to team readiness through drills and training.
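The phishing-pipeline and automation bullets above (header analysis, artifact extraction, Python utilities for triage and enrichment) name a workflow without showing it. The block below is an added example, not Firefly's own tooling, of the first stage of such a pipeline using only Python's standard library: it parses a user-reported message, summarises the sender and authentication headers, locates the originating hop, hashes attachments, extracts URLs, and raises a few explainable flags for the analyst. The sample message (SAMPLE_EML), its domains and IP addresses (documentation ranges), and the RISKY_EXTENSIONS list are constructed, illustrative assumptions.

```python
"""Triage helper for a user-reported phishing message: parse the raw mail,
pull the header fields a responder pivots on, extract artifacts (URLs and
attachment hashes), and raise simple mismatch flags for the analyst.
Added example, not Firefly code.  Assumes the report is available as raw
RFC 5322 bytes (e.g. an .eml forwarded as an attachment) and that the
Authentication-Results header was stamped by a trusted inbound MTA."""
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")      # "[a.b.c.d]" in a Received header
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")        # verdicts in Authentication-Results
RISKY_EXTENSIONS = {"hta", "js", "vbs", "lnk", "iso", "exe", "scr"}  # illustrative, not policy

# Constructed sample report (documentation domains/IPs); the attachment is a harmless stub.
SAMPLE_EML = b"""Return-Path: <bounce@mail-relay.example.net>
Received: from mx1.corp.example (mx1.corp.example [203.0.113.10])
    by inbound.corp.example with ESMTP; Tue, 01 Oct 2024 09:15:02 +0000
Received: from smtp.mail-relay.example.net (unknown [198.51.100.77])
    by mx1.corp.example with ESMTPS; Tue, 01 Oct 2024 09:15:01 +0000
Authentication-Results: mx1.corp.example; spf=pass smtp.mailfrom=mail-relay.example.net; dkim=none; dmarc=fail header.from=corp.example
From: "IT Helpdesk" <helpdesk@corp.example>
Reply-To: support@corp-example-login.test
Subject: Action required: password expires today
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your password expires today. Reset it here:
https://corp-example-login.test/reset?u=jdoe
Or open the attached form.

--b1
Content-Type: application/octet-stream; name="reset_form.hta"
Content-Disposition: attachment; filename="reset_form.hta"
Content-Transfer-Encoding: base64

PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
--b1--
"""

def parse_message(raw: bytes) -> EmailMessage:
    return email.message_from_bytes(raw, policy=policy.default)

def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def header_summary(msg: EmailMessage) -> dict:
    """Sender identities, authentication verdicts and the originating hop."""
    # Each MTA prepends its own Received header, so the last one is the first hop.
    received = [str(h) for h in msg.get_all("Received", [])]
    origin_ip = next((m.group(1) for m in map(IP_RE.search, reversed(received)) if m), "")
    return {
        "from": parseaddr(str(msg.get("From", "")))[1],
        "reply_to": parseaddr(str(msg.get("Reply-To", "")))[1],
        "return_path": parseaddr(str(msg.get("Return-Path", "")))[1],  # envelope sender
        "subject": str(msg.get("Subject", "")),
        "auth": dict(AUTH_RE.findall(str(msg.get("Authentication-Results", "")).lower())),
        "origin_ip": origin_ip,
    }

def extract_artifacts(msg: EmailMessage) -> dict:
    """URLs from text bodies plus a hashed inventory of attachments."""
    urls, attachments = [], []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        if part.is_attachment() or part.get_filename():
            data = part.get_payload(decode=True) or b""   # undoes base64/QP transfer encoding
            attachments.append({"filename": part.get_filename() or "(unnamed)",
                                "content_type": part.get_content_type(),
                                "size": len(data),
                                "sha256": hashlib.sha256(data).hexdigest()})
        elif part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                if url not in urls:                       # de-duplicate, keep order
                    urls.append(url)
    return {"urls": urls, "attachments": attachments}

def assess(headers: dict, artifacts: dict) -> list:
    """Cheap, explainable flags: they prioritise the queue, they do not convict."""
    flags = [f"{m}=fail" for m in ("spf", "dkim", "dmarc") if headers["auth"].get(m) == "fail"]
    if headers["return_path"] and domain(headers["return_path"]) != domain(headers["from"]):
        flags.append("envelope-sender-mismatch")
    if headers["reply_to"] and domain(headers["reply_to"]) != domain(headers["from"]):
        flags.append("reply-to-mismatch")
    for att in artifacts["attachments"]:
        if att["filename"].rsplit(".", 1)[-1].lower() in RISKY_EXTENSIONS:
            flags.append(f"risky-attachment:{att['filename']}")
    return flags

def triage(raw: bytes) -> dict:
    msg = parse_message(raw)
    headers, artifacts = header_summary(msg), extract_artifacts(msg)
    return {"headers": headers, "artifacts": artifacts, "flags": assess(headers, artifacts)}

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_EML), indent=2))
```

Run it as a script to see the JSON summary for the constructed sample, or call triage() on the bytes of any .eml. The hashes and URLs are what you would hand to enrichment (reputation lookups, detonation) and to a tenant-wide purge query; the flags are deliberately simple so an analyst can see why a report floated to the top. Detonation of the attachment is out of scope here and must happen in an isolated sandbox, never on the triage host.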
QUALIFICATIONS

Required:
  • Bachelor's degree in Computer Science, Information Security, or related field (or equivalent hands-on experience).
  • 5+ years in SOC/Incident Response/Threat Detection & Response with end-to-end ownership of investigations.
  • Hands-on experience with CrowdStrike Falcon (EDR, Identity Protection) and NG-SIEM/LogScale, or similar enterprise tools.
  • Proficiency in Python and Bash for automation and tooling.
  • Experience writing/tuning detections and applying MITRE ATT&CK in practice.
  • Experience implementing/operating data protection for sensitive data and familiarity with CMMC/NIST SP 800-171 incident-handling and monitoring controls.
  • Strong written and verbal communication skills, including executive-grade incident reporting and stakeholder updates.
Desired:
  • Experience operating phishing programs at scale (analysis, purge, feedback loops).
  • Identity incident response expertise (MFA fatigue, impossible travel, token theft, conditional access tuning).
  • Detection-as-code workflows (Git, PR reviews, testing) and dashboarding in NG-SIEM/LogScale.
  • Certifications such as GCIA, GCIH, GCED, GMON, GCFA, CFR, CISSP, CrowdStrike CCFR/CCFA.
  • Familiarity with Jira/Confluence and evidence collection for audits.

Firefly offers outstanding benefits for our employees, including generous health, dental and vision plans with low plan deductibles, parental leave, educational reimbursement, short-term disability, and flexible PTO options.

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.

Firefly Aerospace, Inc. is an Equal Opportunity Employer; employment decisions at Firefly are based on merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.