SecOps Engineer
Job in Boulder, Boulder County, Colorado, 80301, USA
Listing for: Spire
Full Time position
Listed on 2026-05-31
Job specializations:
- IT/Tech: Cybersecurity, Systems Engineer
- Engineering: Cybersecurity, Systems Engineer
Job Description & How to Apply Below
About the Role
The Security Operations Engineer is responsible for operating security controls that protect the company's enterprise, cloud, and mission systems and for technical response to security events across the environment. This role handles day‑to‑day detection, investigation, vulnerability management and cloud security posture work, serving as a hands‑on technical authority across the security tooling stack. The engineer partners closely with IT, infrastructure, engineering and product teams to reduce risk, shorten time‑to‑detect and time‑to‑respond, and ensure that security controls function reliably in regulated and non‑regulated environments.
Key Responsibilities
Detection, Monitoring & Response
- Operate and continuously improve the company's Security Information and Event Management (SIEM) platform, including log source onboarding, parser and normalization maintenance, detection content development, and alert tuning to minimize false positives while preserving coverage.
- Build and maintain detection rules mapped to adversary behaviors and develop corresponding response playbooks and automation.
- Serve as a first responder and technical liaison for security incidents, including triage, containment, forensic collection, root cause analysis, and post‑incident review; coordinate with IT, engineering, and legal stakeholders throughout the lifecycle.
- Maintain incident response documentation, runbooks, and evidence‑handling procedures suitable for regulated environments and contractual reporting obligations.
- Operate the vulnerability management lifecycle across endpoints, servers, containers, and cloud workloads, including scanning cadence, finding validation, prioritization, remediation tracking, and exception governance.
- Partner with system owners and engineering teams to drive remediation within agreed service levels, and elevate aging or high‑severity findings through defined risk channels.
- Produce vulnerability posture reporting and trend analysis for technical and leadership audiences.
- Operate Cloud Security Posture Management tooling across the company's cloud environments, including configuration baseline enforcement, drift detection, and continuous compliance monitoring against internal standards and applicable frameworks.
- Investigate misconfigurations and risky resource states, coordinate remediation with cloud and platform teams, and contribute guardrails and preventive controls where appropriate.
- Administer and tune endpoint detection and response (EDR) tooling across corporate and engineering fleets, including policy management, exclusion governance, telemetry quality, and response action workflows.
- Investigate endpoint alerts and suspicious activity, and coordinate containment, isolation, and recovery actions with IT.
- Support operational identity and access management activities, including privileged access monitoring, access review execution, anomaly investigation, and integration of identity telemetry into detection pipelines.
- Partner with IT and engineering on secrets management hygiene, including monitoring for leaked or misused secrets and supporting remediation workflows.
- Consume, evaluate, and operationalize threat intelligence from commercial, open‑source, and government sources; translate relevant intelligence into detections, hunts, and control recommendations.
- Conduct periodic threat hunting across available telemetry based on current intelligence and environmental risk.
- As capacity allows, support Data Loss Prevention (DLP) tooling operations, including policy tuning, alert triage, and coordination with data owners on sensitive data handling concerns.
- Act as a technical liaison for assigned security tools, including deployment, upgrade, integration, and health monitoring; author and maintain the integrations, scripts, and automation that connect security tooling into the broader engineering and IT ecosystem.
- Evaluate new security technologies through proof‑of‑concept exercises and provide technical input into procurement and…