Senior Security Operations Engineer

🕒 April 8

Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of Dispel

Dispel

51 - 200 employees

Founded 2014

💰 $1.5M Series A on 2015-08

The standards for how to remotely access a piece of operational technology have changed quite a bit since 2014. Now, safely accessing equipment requires a moving target defense network, a disposable intermediate component, a zero-trust architecture, and comprehensive monitoring.

📋 Description

• Own the log ingestion pipeline end-to-end: identify gaps, build feeds, validate parsing, maintain coverage dashboards • Close the federal logging gap and stand up commercial logging across AWS, Azure, Entra ID, and SaaS • Activate and configure SecOps SOAR capabilities including Domain-Wide Delegation, marketplace integrations, and bidirectional response actions • Build and maintain SOAR playbooks for major incident types such as phishing, malware, account compromise, lateral movement, and cloud-specific threats • Develop and maintain operational dashboards for SOC metrics, alert volumes, MTTA/MTTR, and coverage status • Manage Google SecOps RBAC • Build and deploy production detection rules mapped to MITRE ATT&CK within the first year • Develop custom parsers for AWS-native security services including GuardDuty, Security Hub, Inspector, WAF, CloudTrail, and VPC Flow Logs • Establish a detection lifecycle including proposal, testing, deployment, tuning, and retirement • Conduct quarterly detection quality reviews to measure false positive rates, coverage gaps, and rule health • Develop alert threshold optimization to reduce noise and analyst fatigue • Drive SentinelOne deployment across Azure VMs in commercial environments and all federal endpoints • Configure and operationalize Cloud Funnel for log export into Google SecOps • Build correlation rules between EDR alerts and SIEM detections • Manage SentinelOne RBAC groups and policy configuration • Coordinate with IT on agent deployment, health monitoring, and version management • Serve as senior escalation point for SOC incidents, ensuring investigations are thorough and reports include root cause, remediation actions, credential rotation plans, and follow-up timelines • Improve MTTA and MTTR through process optimization, better tooling, and analyst development • Lead quarterly tabletop exercises and after-action reviews • Maintain and improve incident response runbooks for all major incident categories • Integrate incident response workflows with Jira Service Management for tracking and escalation • Operationalize monthly scanning cadence across all environments using tools such as Nessus, AWS Inspector, and Azure Defender • Define and enforce remediation SLAs by severity: Critical within 72 hours, High within 7 days, Medium within 30 days • Build consolidated vulnerability dashboards in Google SecOps • Track SLA compliance and report metrics to the CISO • Coordinate remediation with engineering and infrastructure teams • Serve as primary technical interface with MSSP partner for 24/7 SOC coverage • Define and hold the MSSP accountable to SLAs, alert quality, and escalation procedures • Review MSSP deliverables such as dashboards, reports, and playbooks for quality and completeness • Manage the transition from the previous MSSP and ensure no coverage gaps • Provide day-to-day technical direction to SOC analysts by setting priorities, assigning tasks, and reviewing work products • Ensure incident response reports, playbooks, and dashboards meet quality standards before delivery to leadership or external stakeholders • Drive OKR execution for SOC-related objectives including logging coverage, detection counts, incident response metrics, and vulnerability SLA compliance • Identify skill gaps and development opportunities for junior analysts • Establish and enforce SOC processes that are documented, repeatable, and auditable

🎯 Requirements

• 6+ years of experience in security operations, detection engineering, or SIEM/SOAR engineering • Hands-on experience with Google SecOps (Chronicle) or equivalent enterprise SIEM such as Splunk, Sentinel, or QRadar, with Chronicle strongly preferred • Production experience with SentinelOne, CrowdStrike, or a comparable EDR platform • Deep knowledge of AWS security services including GuardDuty, Security Hub, Inspector, CloudTrail, WAF, and Config • Experience building detection rules mapped to the MITRE ATT&CK framework • SOAR playbook development and automation experience • Demonstrated ability to lead without formal authority by setting direction for peers or junior analysts • Strong incident response skills with experience writing complete reports for executive and external audiences • Understanding of NIST 800-53 controls, particularly Audit, System Integrity, and Incident Response families • Excellent written communication skills

🏖️ Benefits

• 136K-155K base + equity and performance bonus eligible, depending on experience and location • Full medical, vision, and dental insurance • Generous PTO • Remote-first culture with flexible hours • Opportunity to protect critical infrastructure at scale • Work with patented, cutting-edge security technology • Direct ownership of SOC maturation • Collaborative team with military, federal, and private sector expertise

Apply Now

Similar Jobs

🕒 March 17

Mastar Makine

1 - 10

🎯 Recruiter

🤝 B2B

Director Cybersecurity Operations leading SOC operations for a technology-driven recruitment agency. Overseeing incident response and managing security intelligence platforms while reporting to the Chief Information Security Officer.

🕒 March 13

Conduent

10,000+ employees

🤝 B2B

🛍️ eCommerce

🏛️ Government

Security Engineer focusing on security automation and engineering practices at Conduent. Collaborating with cross-functional teams to enhance global cybersecurity capabilities and streamline incident response.

🕒 March 6

General Motors

10,000+ employees

🚗 Transport

⚡ Energy

🏢 Enterprise

Senior Security Software Engineer designing and delivering secure, scalable integration services connecting the cyber ecosystem at GM. Responsible for driving architecture and mentoring developers.

🕒 February 18

Sword Health

201 - 500

⚕️ Healthcare Insurance

🤖 Artificial Intelligence

🧘 Wellness

Senior Security Engineer at Sword Health safeguarding cloud infrastructure and applications. Ensuring robust security measures, incident response, and continuous improvement for AI-centric healthcare.

🕒 February 14

General Motors

10,000+ employees

🚗 Transport

⚡ Energy

🏢 Enterprise

Senior Cybersecurity Engineer developing secure platforms and managing cloud environments. Collaborating with SecOps teams to enhance cybersecurity practices and safeguard GM’s information assets.