Senior VSOC Engineer

Job Overview

This role is responsible for architecting and building IoT-focused SOCs and connected system monitoring environments from the ground up. The position may be filled as either a full-time or contract role; for contract candidates, the initial engagement is 6 months with a strong possibility of extension based on project performance and future needs. A long-term, full-time addition to the team is preferred.This is a hands-on technical role that blends deep engineering experience with architectural design. The engineer will design, deploy, and optimize Microsoft Sentinel and Splunk environments, engineer data pipelines, and automate SOC processes while helping to mature existing monitoring projects across multiple customers and platforms.At Block Harbor, you'll work in an environment that values initiative, curiosity, and practical problem-solving. Projects evolve quickly, requiring you to connect technical details to larger objectives, move confidently when not everything is defined, and collaborate across disciplines to deliver results that advance both customer success and product maturity.

ResponsibilitiesSIEM Engineering & Architecture

• Design, deploy, and maintain Microsoft Sentinel and Splunk Enterprise Security environments.
• Engineer and optimize log ingestion pipelines, ensuring completeness, normalization, and performance.
• Develop and manage data models, dashboards, and automation workflows to improve SOC visibility and scalability.
• Integrate new log sources from IoT, network, endpoint, and cloud systems.
• Maintain and enforce data governance, retention, and compliance requirements.

Automation & Integration

• Build and maintain custom automations using Python, PowerShell, or Bash to reduce manual SOC processes.
• Implement SOAR playbooks (e.g., Sentinel Logic Apps or Splunk SOAR) for triage and enrichment workflows.
• Develop and maintain API-based integrations between security tools, ticketing systems, and cloud services.
• Automate alert enrichment, log correlation, and workflow routing using orchestration platforms.

Cloud Security Engineering

• Implement and manage security controls, logging, and monitoring pipelines in AWS and Azure.
• Architect and maintain integrations with Security Hub, GuardDuty, CloudTrail, Azure Defender, and Log Analytics.
• Engineer cross-cloud telemetry and ensure coverage for all critical IoT workloads.
• Apply infrastructure-as-code principles (Terraform, CloudFormation, or Bicep) for repeatable security deployments.

SOC Platform Development & Support

• Evaluate and onboard new technologies for SOC automation, detection, and analytics.
• Collaborate with development and DevOps teams to embed monitoring at the infrastructure and application layers.
• Implement scalability improvements, data-quality validation, and system-performance monitoring for SOC tooling.
• Develop documentation, runbooks, and training material for analysts and engineering teams.

Continuous Improvement & Governance

• Conduct gap assessments and tool performance reviews to improve SOC maturity.
• Define engineering standards and best practices for log onboarding, alert design, and automation lifecycle management.
• Partner with architecture and compliance teams to align to industry frameworks (NIST, CIS, ISO
• Contribute to technology roadmaps, tool evaluations, and R&D initiatives for SOC modernization.

Required Qualifications

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or equivalent experience.
• 3–5+ years in SOC engineering, security architecture, or SIEM platform management.
• Hands-on experience with Microsoft Sentinel (required).
• Experience with Splunk Enterprise Security, AWS, Azure, and scripting in Python, PowerShell, or Bash.
• Strong understanding of network protocols, identity systems, log management, and security event pipelines.

Preferred / Nice-to-Have

• Knowledge of monitoring related requirement in regulations such as: UNR 155/156, EASA, Machinery Regulation, CRA, NIS2, 15 CFR Part 791D, TSA Security Directives relevant to Rail & Aviation.
• Experience with SOAR platforms (Splunk SOAR, Sentinel Playbooks, Cortex XSOAR).
• Familiarity with data engineering tools (Kafka, Kinesis, Logstash, Fluentd).
• Experience with cloud-native security architecture and Zero Trust principles.
• Strong background in API development, scripting pipelines, and log schema design

Job Types: Full-time, Contract

Pay: $80, $120,000.00 per year

Work Location: Remote