Security Operations Center Engineer (Remote)


The Senior Security Operations (Sec Ops) Engineer is a hands‑on senior individual contributor responsible for defending the organization against advanced cyber threats through high-fidelity detection, rapid response, and resilient security operations. This role anchors production incident response while owning and continuously improving the organization’s SIEM and detection engineering capabilities. This position is Splunk‑first, with primary tool ownership of Splunk Enterprise Security, including detection, content lifecycle management, alert quality, performance optimization, and platform reliability.

The Senior SecOps Engineer partners closely with Information Security, IT, Cloud, Infrastructure, and Security Architecture teams to measurably improve threat visibility, response efficiency, and the overall maturity of security operations.

Security Monitoring & Incident Response

Support investigation and response activities for security incidents by collaborating closely with Information Security, responding to alerts generated by SIEM, EDR, cloud security, and other security platforms.

Investigate high‑severity and complex incidents coordinating escalation as needed with Information Security and IT teams.

Support incident response activities during major security events with Information Security, IT and Cloud teams under the direction of designated incident response leadership.

Partner with response teams to develop and communicate risk‑based response decisions, including containment actions, during active incidents.

Participate in and help coordinate a 24/7 on-call rotation, responding to after-hours incidents as required.

Detection Engineering & Threat Hunting

Design the end‑to‑end detection lifecycle in Splunk Enterprise Security, from hypothesis and development through production deployment, tuning, and retirement.

Design, build, and tune high-quality, high-signal detections that reduce false positives and improve mean time to detect and respond.

Conduct proactive threat hunting using SIEM, endpoint, identity, and cloud telemetry to identify hidden or emerging threats.

Leverage query languages such as SPL and KQL to build effective detection and investigative workflows.

Provide subject matter expertise on detection engineering and SIEM architecture to security and IT partners.

Support SIEM operations through use case placement, data routing decisions, and ongoing platform enhancements.

Serve as a subject matter expert for SIEM and detection engineering, providing guidance on logging, telemetry, and monitoring design.

Vulnerability & Risk Management

Act as the lead IT representative in vulnerability management processes, partnering with Information Security on risk prioritization, remediation coordination, validation, and reporting.

Apply or coordinate approved security patches and upgrades for vulnerable systems and platforms.

Utilize vulnerability management platforms (e.g., Rapid7 InsightVM) to identify, prioritize, and track remediation of security risks.

Microsoft & Enterprise Security Platforms

Operate and optimize Microsoft security technologies including Microsoft Sentinel, Defender, Entra ID, Intune, and Purview.

Ensure relevant Microsoft and cloud telemetry is effectively ingested into Splunk for centralized detection and response.

Collaborate with identity, endpoint, and core IT service teams to enhance protections across Microsoft ecosystems.

Support logging and monitoring strategy across cloud and on-premise environments.

Partner with Security Architecture, Cloud, Application, and Infrastructure teams on secure design and implementation efforts.

Review third-party and vendor security assessments, identifying risks and tracking remediation activities.

Provide expert security guidance and recommendations to project teams and business stakeholders.

Communicate emerging threats, risks, and mitigation strategies to technical and non-technical stakeholders.

5+ years of progressive experience in security operations, incident response, SOC, or related cybersecurity roles.

Advanced understanding of security monitoring, detection engineering, and incident response frameworks.

4+ years of strong hands-on experience with SIEM platforms, with Splunk Enterprise Security preferred.

Experience developing and tuning detections using SPL, KQL, or similar query languages.

Deep experience with endpoint security and XDR platforms.

Strong knowledge of network security concepts including firewalls, WAFs, IDS/IPS, and defense-in-depth strategies.

Working knowledge of cloud security principles across AWS, Azure, and hybrid environments.

Ability to clearly document events, incidents, findings, and remediation actions.

Bachelor's degree in computer scie
