Security Operations Engineer

Security Operations Engineer – We are seeking a Security Operations Engineer to join our growing Security Operations team. This role will strengthen our daily monitoring, detection, and response capabilities across Microsoft Defender, Microsoft Sentinel, ASR (Attack Surface Reduction) controls, and others. The successful candidate will partner closely with our governance and IT teams and a third-party SOC to ensure timely detection, triage, and remediation of security events.

This is a hands‑on operational role focused on maintaining the organization’s defensive readiness, optimizing alert fidelity, and supporting incident response. The engineer will help expand the team’s capacity, improve response efficiency, and contribute to the continual evolution of our threat detection and response processes.

• Perform daily monitoring, triage, and investigation of security alerts within Security Operations tools, including Microsoft Defender, Sentinel, and Proofpoint.
• Validate, escape, and document incidents in coordination with internal teams and the third-party SOC.
• Implement and tune ASR rules and endpoint protection policies across managed devices.
• Collaborate with IT Operations to detect, contain, remediate, and recover from cyber events.
• Maintain and refine Sentinel analytic rules, automation workflows, and dashboards.
• Contribute to the development of incident response runbooks, metrics, and post‑incident reviews.
• Support cyber event analyses and investigations, alert validation, and data loss prevention signals.
• Assist in testing and deploying new endpoint and detection technologies.
• Participate in continuous improvement of detection logic, automation, and operational playbooks.

• 5+ years of hands‑on experience in Security Operations, SOC engineering, or incident response.
• Proficiency with Microsoft Defender XDR, Microsoft Sentinel, and ASR rules.
• Experience managing or integrating with SOC providers or MSPs.
• Strong understanding of endpoint security, event correlation, and log analysis.
• Familiarity with KQL (Kusto Query Language) and security automation tools (Logic Apps, Power Shell, or equivalent).
• Ability to independently investigate, document, and communicate security events.
• Excellent written and verbal communication skills with a focus on clarity and accountability.

• Experience with insider‑threat monitoring platforms.
• Background in Windows endpoint hardening and configuration management.
• Understanding of cloud and hybrid Azure architecture.
• Industry certifications such as SC‑200, AZ‑500, CompTIA CySA+, or GCIA.

• Analytical mindset and strong troubleshooting ability.
• Proactive approach to threat detection and control improvement.
• High sense of ownership and accountability for operational outcomes.
• Collaborative and communicative—comfortable coordinating across multiple technical teams.
• Adaptable and capable of balancing multiple priorities in a fast‑moving environment.

• Ability to effectively present information in one‑on‑one and small‑group situations to technical and non‑technical audiences.

• If this position will be performed in whole or in part in New York City, the base salary range is $110,000 – $135,000. Individual salaries may vary based on skills, experience, job‑related knowledge, and location. Base salary does not include other forms of compensation or benefits offered in connection with this position.

Send your resume to  with the subject line "Security Operations Engineer".

All qualified applicants will be afforded equal employment opportunities without discrimination because of race, creed, color, national origin, sex, age, disability, or marital status.