Job Closed
This listing is no longer active.
Leading Banking Forward
SOC Analyst
Location
Mexico
Posted
123 days ago
Salary
0
Seniority
Senior
Job Description
SOC Analyst
Temenos
• Work at the cutting edge of technology innovation; challenge the status quo and transform banking every day.
• Experience in a fast-paced environment, ambitious team; look forwards and continuously strive to be the best.
• Be part of a team that values integrity; support each other and keep promises.
• Work freely, flexibly and true to your authentic self; champion diversity.
• Join a global and diverse family that works together through the good times and bad; care deeply about each other and clients.
Job Requirements
- 5+ years of working experience in Security Incident Response
- Security Operation Centers Experience
- Strong knowledge of networking topologies and technologies, including firewalling, routing and switching, web traffic
- Strong knowledge of Operating Systems (Windows, Linux, UNIX)
- Solid understanding of current cyber-attack tactics/techniques and mitigation solutions.
- Experience with network and host-based intrusion detection and prevention systems
- Knowledge of one or more SIEM tools, such as Splunk or Sentinel.
- Previous experience in creating heuristic detections and correlation searches in SIEM tools (QRadar, ArcSight, Sentinel, Splunk, etc.)
- Strong analytical skills.
- Security Incident Response knowledge
- Exposure to handling Security Centre alerts in cloud (Azure or AWS).
- Ability to communicate security issues to peers and management.
- Customer-oriented with a strong interest in client satisfaction.
- Industry certifications & qualifications from recognized training providers – ISC2, ISACA, SANS, EC-Council can be a plus.
Benefits
- Maternity leave: Transition back with 3 days per week in the first month and 4 days per week in the second month
- Civil Partnership: 1 week of paid leave if you're getting married. This covers marriages and civil partnerships, including same-sex marriages and civil partnerships
- Family care: 4 weeks of paid family care leave
- Recharge days: 4 days per year to use when you need to physically or mentally recharge
- Study leave: 2 weeks of paid leave each year for study or personal development
More Security Operations Jobs
Senior SOC Engineer (Security Operations Technical Lead)
Echelon Risk + Cyber
We are committed to creating an inclusive environment for our team with unquestioned integrity. One of our core values is "People with Personality," and we want to allow you the space to bring your full self to work. We value a diverse workforce and a culture of inclusivity and belonging. All employment decisions shall be made without regard to age, race, creed, color, religion, gender, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status, or any other basis as protected by federal, state, or local law. Echelon Risk + Cyber is an Equal Opportunity Employer.
Role Description
We seek a highly skilled and hands-on Security Operations Technical Lead to join our dynamic team at Echelon Risk + Cyber, a leading cybersecurity consulting firm. The ideal candidate will be ready to roll up their sleeves and identify opportunities for our clients and for Echelon internally with unquestioned integrity. This team member will be passionate about cybersecurity and ready to use their knowledge to be an Entrepreneurial Problem Solver and work alongside their Echelon team members to build creative solutions. As the Security Operations Technical Lead, you will build and mature our SOC capabilities within our MSSP practice. The ideal candidate brings 7–10 years of MSSP experience (with at least 5 years on a SOC team) and a strong security engineering background across EDR/MDR, SIEM, Microsoft 365 security, and email security. In this role, you'll guide day-to-day SOC operations, detection engineering, and incident response, while remaining primarily hands-on. This is a remote position from anywhere in the USA.
What You Will Do
- SOC leadership & maturity (no hiring duties):
  - Establish and refine SOC processes (tiering, shift coverage, escalation paths, QA, SLAs/OLAs).
  - Drive runbook discipline, training plans, and continuous improvement for service quality.
  - Own SOC KPIs (MTTD/MTTR, detection efficacy, false-positive rate, case aging, CSAT/NPS).
- Detection & response (hands-on):
  - Build and tune detections in SIEM/XDR; develop correlation rules, parsers, and dashboards.
  - Lead investigations and major incidents end-to-end; conduct post-incident reviews and reporting.
  - Perform proactive threat hunting aligned to MITRE ATT&CK and emerging TTPs.
- Tooling & platform engineering:
  - Deploy, integrate, and operate EDR/MDR (CrowdStrike, SentinelOne, Blackpoint), Microsoft 365/Windows Defender, SIEM, SOAR, email security, vulnerability scanners, and NSM tools.
  - Engineer log onboarding/normalization across cloud (AWS, Azure, M365, GCP), network, endpoint, identity, and SaaS sources.
  - Build automation/orchestration playbooks to reduce MTTD/MTTR and analyst toil.
- Service delivery & client engagement:
  - Serve as technical point of contact for customers; present posture reviews and improvement plans.
  - Define and meet service SLAs; contribute to SOWs, service catalogs, and onboarding playbooks.
  - Coordinate with customer IT/CISO teams, vendors, and legal/compliance during incidents.
- Risk, compliance & continuous improvement:
  - Map detections, controls, and reporting to frameworks/standards (NIST CSF/800-53, CIS Controls, SOC 2, ISO 27001).
  - Drive vulnerability and exposure management with risk-based prioritization.
  - Run tabletop exercises, purple-team activities, and lessons learned.
Qualifications
- Deep knowledge of SOC operations (triage, incident lifecycle, evidence handling, documentation).
- Strong grasp of Windows/*nix/AD/M365, identity security (SSO/MFA), network protocols, and cloud telemetry.
- Expertise in detection engineering and query languages (SPL, KQL, Elastic DSL, AQL).
- Familiarity with adversary emulation and frameworks (MITRE ATT&CK, D3FEND, CIS Controls).
- Understanding of email security (phishing, BEC), vulnerability scanning/patching, and network security monitoring (IDS/IPS, PCAP).
- Proficiency with SOAR concepts and playbook design (enrichment, containment, ticketing).
- Scripting/automation (PowerShell, Python, or equivalent) for enrichment, triage, and response.
- Clear written/verbal communication for executive briefings and technical reports.
Requirements
- Experience: 7–10 years in MSSP settings; 5+ years on a SOC team; 2–4+ years in a lead/technical lead capacity.
- Platforms (hands-on in several):
  - EDR/XDR/MDR: CrowdStrike, SentinelOne, Blackpoint, Microsoft Defender for Endpoint, Cortex XDR, etc.
  - Microsoft ecosystem: Microsoft 365, Windows Defender / Defender for Endpoint, Defender for Office 365, Azure security telemetry (KQL, Log Analytics, Sentinel).
  - SIEM: Splunk, Microsoft Sentinel, Elastic, QRadar, Exabeam, or similar.
  - SOAR: Splunk SOAR, Cortex XSOAR, Sentinel automation.
  - Email security & awareness: Mimecast, KnowBe4, Material Security, M365 Defender for Office 365.
  - Vulnerability management: Tenable, Qualys, or Rapid7.
  - NSM/IDS: Zeek, Suricata, commercial IDS/IPS.
- IR leadership: Proven track record leading medium/major incidents (ransomware, BEC, insider, cloud credential abuse).
- Cloud: Experience securing and monitoring AWS/Azure/GCP and M365 (identity and endpoint telemetry).
- Process: Built or matured playbooks, runbooks, use-case catalogs, and service reporting.
- Demonstrated KPI/OKR management.
Benefits
- Access to medical, dental, and vision insurance through Cigna, with the majority of the employee cost covered by the employer.
- Employer funding to HSA accounts and FSA access.
- Access to a 401(k) through Vanguard with a guaranteed employer contribution.
- Flexible vacation policy that allows you to manage your schedule and rest and recharge when you need to.
- 11 holidays with flexibility based on what is important for you and those you love.
- Family-friendly benefits, including weeks off for Maternity leave, weeks off for non-birthing parent leave, employer-paid short-term and long-term disability, employer-paid life insurance, and access to additional life insurance, hospital coverage, accidental coverage, discounted mental health support, and more.
- Support for individual development through certifications, continued learning, conferences, and more.
Senior Cybersecurity Engineer – Security Operations Engineering
General Motors
Join us on our journey toward a world with zero crashes, zero emissions, and zero congestion.
• Design, develop, and maintain security-focused platforms using scripting languages, C++, and Rust.
• Implement modern development processes (CI/CD, DevOps, Agile) to ensure efficient and reliable delivery.
• Build scalable solutions across Linux-based environments and cloud-native architectures.
• Integrate diverse systems using APIs, webhooks, and other communication protocols.
• Develop and maintain integrations with AI-driven tools and data enrichment platforms to enhance SecOps capabilities.
• Ensure interoperability across heterogeneous environments and security tools.
• Collaborate with SecOps teams to design and implement advanced monitoring, detection, and response solutions.
• Troubleshoot complex systems and resolve performance, reliability, and security issues.
• Apply cybersecurity best practices to safeguard infrastructure and applications.
• Architect and manage cloud-based environments (AWS, Azure, GCP) with a focus on security and scalability.
• Optimize Linux OS and kernel-level configurations for performance and resilience.
• Automate infrastructure provisioning and configuration management.
Information Security Operations Engineer
Bounteous
Creating digital solutions for today's challenges and tomorrow's opportunities.
• The Information Security Operations Engineer is a member of the Gen Re Security team, who will leverage extensive experience in security operations to oversee and enhance proactive defenses and response capabilities.
• The candidate shall work closely with Security and other IT practice leads to ensure that detection logic, incident response workflows, data quality, automation, and team collaboration are continuously improved and effectively managed.
• The role entails strategic planning, research, testing, and implementation of new solutions, as well as the operation and maintenance of current solutions.
• The candidate must be highly organized and analytical and is expected to partner and mentor effectively with other teams on an ongoing basis.
Lead Cybersecurity Operations Analyst
DICK'S Sporting Goods
Headquartered in Coraopolis, Pennsylvania, DICK'S Sporting Goods offers sports fans and enthusiasts a "big store" selection of name-brand sports equipment.
• Lead security incident investigations and ensure timely containment, root cause analysis, and cross-team collaboration.
• Provide expert guidance on SIEM strategy, detection logic, and associated security technologies (EDR, email/web gateways, cloud controls).
• Standardize and refine monitoring workflows to improve signal quality, reduce false positives, and expand visibility across the environment.
• Leverage data from diverse sources (logs, telemetry, threat intel, case history) to identify patterns, emerging issues, and potential business impacts.
• Develop, drive, and execute recommendations (technical or professional) that shape both short-term defensive actions and longer-term operational strategy.
• Boost SOC effectiveness by implementing new tools, automation, AI-powered processes, and optimized playbooks supported by clear performance metrics.
• Anticipate what's next by actively monitoring emerging threats and regulatory changes that affect the company.
• Mentor and elevate teammates by sharing expertise, modeling strong communication under pressure, and supporting a culture of learning within the SOC.
• Collaborate closely with Technology teams, Legal/Privacy, Risk & Compliance, vendors, and third-party service providers.
• Act as a subject matter expert for technology, policy, and regulatory topics in your area.
• Maintain relevant professional certifications and stay current through conferences and ongoing professional development.
• Advise peers and leadership on emerging risks, best practices, and operational implications.