Security Operations Engineer

Fun-crafters
3 hours ago
On-site
Engineer
  • About employer

    We are looking for a Security Operations Engineer to monitor, detect, and respond to threats across our infrastructure and services. You will own security monitoring and incident response, including SIEM operations, alert triage, and threat investigation. You will work closely with DevOps and engineering teams to improve detection capabilities and strengthen system security.

  • Responsibilities

    • Monitor and triage security alerts from SIEM, EDR, and cloud security tools
    • Investigate security incidents, contain threats, and contribute to post-incident reviews
    • Maintain and tune detection rules to improve signal quality and reduce false positives
    • Track and coordinate vulnerability remediation across infrastructure and services
    • Perform access control reviews and privileged account audits, and maintain IAM hygiene
    • Maintain security runbooks, playbooks, and incident response documentation
    • Support SOC 2 and ISO 27001 audits, including evidence collection, control validation, and gap remediation
    • Conduct scheduled internal security assessments and assist with penetration test scoping
    • Collaborate with DevOps on system and cloud configuration hardening
  • Required Skills & Experience

    Security Operations

    • 2+ years in a security operations, SOC, or similar role
    • Experience with at least one SIEM platform (e.g., Elastic SIEM, Splunk, Datadog Security, Microsoft Sentinel)
    • Experience with alert triage, log analysis, and basic threat hunting
    • Familiarity with the MITRE ATT&CK framework for incident classification
    • Experience with at least one EDR platform (e.g., CrowdStrike Falcon, SentinelOne, Wazuh)
    • Experience with vulnerability scanning tools (e.g., Nessus, OpenVAS, Qualys)
    Cloud & Infrastructure Basics

    • Working knowledge of AWS or GCP security controls (e.g., Security Groups, IAM, CloudTrail, GuardDuty)
    • Operational-level Windows & Linux administration (e.g., log analysis, process inspection, basic system hardening)
    • Familiarity with containerized environments (Docker, Kubernetes) from a security perspective
    Compliance & Documentation

    • Experience supporting SOC 2 or ISO 27001 audits
    • Ability to write clear incident reports, runbooks, and policy documentation
    • Experience with access review processes and IAM audits
    Scripting & Automation

    • Scripting proficiency in Bash or Python for operational automation (e.g., log parsing, report generation)
    • No advanced software development experience required
    Nice to have

    • Experience with SOAR platforms (e.g., Tines, Shuffle, Splunk SOAR)
    • Experience with network traffic analysis tools (e.g., Zeek, Suricata, Wireshark)
    • Familiarity with threat intelligence feeds and IOC management
    • Experience with zero-trust tools (e.g., Cloudflare Access, Tailscale, NetBird)
    • Relevant certifications (e.g., CompTIA Security+, CEH, GCIH)
  • What we offer

    • Competitive salary
    • Remote-first, async-friendly team
    • Dedicated budget for security tooling and training
    • Clear growth path toward Senior SecOps or DevSecOps Engineer, with increasing ownership of detection engineering, automation, and security architecture