Senior Cybersecurity Engineer

Join our Security Operations Center as a Senior Cybersecurity Engineer, where you will be the technical authority steering our incident response initiatives from escalation to resolution. Reporting directly to the Manager of the Security Operations Center, you will take proactive measures based on exposure, deliver strategic advice to leadership, and work towards enhancing our standard operating procedures and security tools continuously.

This is an exceptional opportunity to protect national critical infrastructure while contributing to a prominent telecommunications organization.

Key Responsibilities:

• Manage daily SOC operations, ensuring that all priorities and quality objectives are consistently met.
• Lead incident triage and response, addressing escalated security events from Tier I/II analysts.
• Direct technical activities throughout the incident response phases: detection, assessment, containment, eradication, and recovery.
• Conduct forensic analysis on compromised systems and coordinate with external resources as necessary.
• Perform thorough incident analysis by correlating data from various sources to identify root causes and impacts.
• Document and communicate findings, creating detailed after-action reports for the security team.
• Develop and implement threat-hunting strategies across the organization to proactively identify and mitigate threats.
• Recommend and execute enhancements to improve the effectiveness and efficiency of threat intelligence, incident response, and scalability.
• Lead technical incident response efforts, ensuring clear and active communication among stakeholders.
• Work collaboratively with engineering teams to optimize enterprise monitoring platform configurations for effective threat detection and response, aligning with security policies and organizational objectives.
• Continuously evaluate and integrate monitoring platform configurations to boost SOC capabilities and support streamlined operations.
• Partner with Security Engineering teams to enhance existing security tools' features and capabilities.
• Execute projects under the guidance of Cyber Defense Leadership.
• Mentor and train junior analysts, supporting their professional development.
• Develop, implement, and mature SOC policies and procedures to ensure robust security operations.
• Stay updated on emerging threats and technologies, adapting SOC strategies to address evolving security challenges.
• Perform additional tasks and responsibilities as directed by the CSOC Manager.

Minimum Qualifications:

• Bachelor's degree in a relevant field with 6 years of experience; alternatively, a master's degree with 4 years of experience; or 18 years of relevant experience without a degree.
• 6+ years of technical experience in information/cybersecurity.
• 2+ years of direct experience in an Incident Response role within large enterprise environments.
• Familiarity with Incident Response methodologies.
• Strong knowledge of Windows and Linux operating systems.
• Working knowledge of cloud technologies such as Amazon, Azure, and Google.
• Experience with Python, PowerShell, or similar automation and enrichment tools.
• Familiarity with Microsoft Graph API and KQL.
• Strong understanding of network protocols, web servers, authentication mechanisms, anti-virus, and server applications.
• Ability to perform under pressure.
• Capability to conduct independent analysis and distill relevant findings and root causes.
• Excellent communication skills for conveying complex ideas effectively in both written and verbal formats.
• Applicants must be authorized to work in the United States without current or future sponsorship.

Preferred Qualifications:

• Experience with cloud technology and related incident response techniques.
• Ability to perform forensics on Windows endpoints.
• Experience with endpoint security solutions (Microsoft Defender, CrowdStrike, etc.).
• Experience conducting threat hunting in cloud environments (Azure, AWS, GCP).
• Familiarity with Fortinet, Palo Alto, and Juniper firewalls.
• Experience with network forensics and relevant toolsets (Suricata, Wireshark, PCAP, tcpdump, etc.).
• Experience automating response operations using SOAR, Logic Apps, Defender Live Response, or similar technologies.
• Industry certifications such as GCIH, CCIA, GIAC, CISSP, or CISM are a plus.

Compensation: The role offers a base salary ranging from $119,600.00 to $199,400.00, with potential for additional compensation including performance incentives.

Benefits: The company provides eligible employees with flexible vacation policies, seven paid holidays annually, and up to 160 hours of paid wellness leave for personal or family health. Additional paid time off includes bereavement leave, jury duty, military leave, and parental leave.