
IT Security Engineer; On-site

Job in Houston, Harris County, Texas, 77246, USA
Listing for: Gulf-Capital-Bank
Full Time position
Listed on 2026-05-19
Job specializations:
  • IT/Tech
    Cybersecurity, Network Security
Salary/Wage Range or Industry Benchmark: 90000 - 120000 USD Yearly
Job Description & How to Apply Below
Position: IT Security Engineer (On-site)

Benefits

  • 401(k)
  • 401(k) matching
  • Dental insurance
  • Health insurance
  • Paid time off
  • Vision insurance
Title

IT Security Engineer

Job Grade

Exempt/Salary

Department

Information Security

Company Overview

Gulf Capital Bank aims to redefine the value of a bank by offering the personal relationship touches of a traditional community bank combined with the ease of state‑of‑the‑art banking technology and global connections provided by a group of Houston’s business and civic leaders.

Brief Description

The IT Security Engineer is responsible for the day‑to‑day operation, monitoring, and continuous improvement of the bank’s cybersecurity controls, with a strong focus on incident detection, investigation, containment, and response across on‑premises and cloud environments. This role acts as a first responder during security incidents, performing technical triage, scope determination, and initial containment, while collaborating with IT, infrastructure, and business teams to eradicate threats and restore services.

The ideal candidate demonstrates hands‑on expertise with Next‑Generation Firewalls (NGFW), Microsoft Defender for Endpoint, Microsoft Azure security controls, and enterprise incident response practices. This role requires a strong understanding of the financial services threat landscape, the ability to translate technical findings into business impact, and the discipline to operate within regulatory and audit expectations.

Duties / Responsibilities

Security Operations & Incident Response
  • Serve as a primary responder for cybersecurity incidents, performing alert triage, investigation, containment, eradication, and recovery activities across endpoints, networks, and cloud platforms.
  • Conduct initial incident analysis, determine scope, assess business impact, preserve evidence, and recommend containment and remediation actions.
  • Maintain and execute incident response playbooks, including phishing, ransomware, malware, credential compromise, insider threat, and data exposure scenarios.
  • Coordinate incident response activities with internal IT teams, management, and external partners as required.
  • Document incidents thoroughly, including timeline, root cause, indicators of compromise (IOCs), actions taken, and lessons learned.
Endpoint and EDR Security (Microsoft Defender for Endpoint)
  • Manage and operate Microsoft Defender for Endpoint (MDE), including alert investigation, advanced hunting, threat containment, and incident correlation.
  • Analyze endpoint telemetry, behavioral indicators, and attacker tactics to identify malicious activity and lateral movement.
  • Tune detection logic and response actions to reduce false positives while improving detection efficacy.
  • Validate remediation actions through post‑incident verification and rescanning.
Network Security & NGFW
  • Monitor, manage, and support Next‑Generation Firewall (NGFW) platforms, including policy review, traffic inspection, intrusion prevention, and threat detection.
  • Investigate network‑based alerts, anomalous traffic patterns, and blocked/exploited services.
  • Work with infrastructure teams to ensure firewall configurations align with least‑privilege and defense‑in‑depth principles.
  • Participate in firewall rule reviews, network segmentation initiatives, and rule recertification efforts.
Cloud & Azure Security
  • Support cybersecurity operations within Microsoft Azure, including monitoring of Azure‑native security controls and logs.
  • Assist in identifying misconfigurations, identity weaknesses, and exposure risks within cloud workloads.
  • Investigate cloud‑related security alerts and suspicious activities, correlating them with endpoint and network telemetry.
  • Collaborate with IT teams to improve secure cloud architecture, identity protection, and logging coverage.
Threat Detection & Analysis
  • Perform threat and vulnerability analysis using data from SIEM, EDR, IDS/IPS, firewalls, email security platforms, and cloud security tools.
  • Leverage MITRE ATT&CK and adversary TTPs to enhance detection, investigation, and response capabilities.
  • Conduct basic malware analysis and extract indicators of compromise (IOCs) to support containment and threat hunting.
  • Perform suspicious email analysis, URL/domain…