
Senior Cybersecurity Operations Engineer - AI

Job in Columbus, Franklin County, Ohio, 43224, USA
Listing for: Bread Financial
Full Time position
Listed on 2026-06-05
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 60000 - 80000 USD Yearly
Job Description & How to Apply Below

Job Summary

The Senior Cybersecurity Operations Engineer – AI is a senior technical leader within the Cybersecurity Operations Center. The role focuses on advancing detection engineering, automated response, and threat intelligence. Responsibilities include designing, developing, and continuously improving high‑fidelity detections across enterprise telemetry, engineering automated response workflows that reduce response times, and driving innovation in CSOC operations. The position also mentors junior engineers and analysts.

Essential Job Functions
  • Own the design and implementation of key IT projects and initiatives that support the organization’s long‑term security strategy.
  • Identify improvement areas, develop and deliver new processes, and manage ambiguity with minimal supervision.
  • Create and maintain documentation, runbooks, project updates, architecture, and technical requirements.
  • Develop and deliver KPIs, perform data analysis using Excel Pivot Tables, database queries, and other tools, and produce presentations for various audiences.
  • Serve as a subject‑matter expert in multiple information security disciplines and mentor junior staff.
  • Maintain confidentiality and professional conduct, and resolve conflicts through clear communication.
Minimum Qualifications
  • Four or more years of experience in Information Security or Infrastructure.
  • Intermediate to expert knowledge of network security, LDAP directories, vulnerability management, incident management, server/desktop management, cloud architecture, SIEM, SOAR, DLP, IDS/IPS, EDR, WAF, NAC, PAM, and related cybersecurity tools.
  • Working understanding of NIST, PCI‑DSS, and SOX controls.
Preferred Experience
  • Bachelor’s degree or equivalent in Computer Science, Networking, or Information Technology.
  • Security certifications such as Security+, Network+, CISSP, SSCP, CCSP.
  • Five or more years in Information Security or Infrastructure, and 5+ years in SOC, detection engineering, threat detection, or security engineering roles.
  • Experience with detection lifecycle management, SIEM platforms (e.g., Splunk, CrowdStrike Next‑Gen SIEM, Palo Alto XSIAM), and Git‑based workflows for managing detections as code.
  • Knowledge of testing frameworks (unit testing, regression testing, synthetic event generation) and SOAR playbooks (Cortex XSOAR, Splunk SOAR).
  • Experience integrating threat intelligence (MISP, OpenCTI, STIX/TAXII) into SIEM and SOAR workflows.
  • Strong alignment of detections and playbooks to MITRE ATT&CK and experience with behavior‑based detections.
  • Experience applying AI to SOC operations such as alert summarization, triage enrichment, incident clustering, case routing, and governance of AI usage.
Detection Engineering & Analytics
  • Write high‑signal detections using SPL, KQL, EQL, Lucene, Sigma, or equivalent query languages.
  • Design behavior‑based detections, including correlation, baselining, anomaly, and sequence detection.
  • Tune alerts, suppress noise, and apply allow listing.
  • Model data, normalize logs, extract fields, parse, and enrich telemetry.
  • Map detection coverage to MITRE ATT&CK and kill‑chain concepts.
Automation, SOAR, & Response Engineering
  • Build SOAR playbooks and automated response actions with approval gates and safe failure modes.
  • Integrate via REST APIs, webhooks, message queues, and event‑driven designs.
  • Manage case handling, ticketing integration, and automated evidence collection.
  • Automate containment actions such as disabling accounts, revoking sessions, isolating endpoints, blocking indicators, and quarantining email.
Threat Intelligence & Hunting
  • Translate threat intelligence into actionable detections, hunts, enrichment, and response steps.
  • Manage the lifecycle of IoCs, including confidence scoring and expiration handling.
  • Apply STIX/TAXII, MISP, and OpenCTI feeds and conduct threat hunting with hypothesis‑driven techniques.
AI & Agentic SOC Operations
  • Design AI‑assisted workflows for triage, summarization, correlation, and recommendation.
  • Build agentic workflows with human approvals, audit trails, and policy guardrails.
  • Operate prompt engineering fundamentals for security workflows and retrieval‑augmented approaches.
  • Evaluate AI outputs for accuracy, bias, and safety, and implement…
Position Requirements
10+ Years work experience