Builders FirstSource is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status or status as an individual with a disability.
Security Operations Center Engineer
Location
United States
Posted
1 day ago
Salary
0
Seniority
Mid Level
No structured requirement data.
Job Description
Security Operations Center Engineer
Builders FirstSource
Role Description Security Engineers support the organization’s cybersecurity posture by monitoring security alerts, investigating potential threats, and assisting in the maintenance and improvement of security tools and processes. This role blends traditional Security Operations Center (SOC) responsibilities with foundational security engineering tasks—ideal for early-career professionals with hands-on technical experience who want to grow into more advanced cyber roles. We’re seeking a hands-on Security Operations Engineer who thrives in a 24x7 environment and can detect, analyze, and respond to cyber threats in real time. This role’s primary focus is SOC monitoring and incident response; the secondary focus includes security engineering work to mature detections, tune tooling, automate workflows, and harden the environment. Essential Duties and Responsibilities - Monitor SIEM/XDR/SOAR and other telemetry for alerts, anomalies, and indicators of compromise (IOCs). - Perform Level 1–2 triage, enrichment, scoping, and prioritization of events. - Execute response playbooks (isolation, containment, account/device quarantine, EDR actions, network blocks). - Support incident investigations (forensics acquisition, timeline analysis, root cause). - Document incidents thoroughly (IR tickets, evidence handling, post-incident reports). - Maintain shift logs, knowledge base updates, runbooks, and handoffs. Supervisory Responsibilities This job has no supervisory responsibilities. Qualifications - 2+ years relevant work experience. - Or an equivalent combination of experience and education. - Clear written and verbal communication, decision-making under pressure, and strong collaboration across IT and business teams. - Ability to work independently on shift and drive incidents to closure. Preferred Qualifications - Certifications: GCIA, CySA+ (or equivalent experience). - Experience with SentinelOne, Zscaler ZIA, Google Secops, Azure/M365 security tooling, E-mail security and PAM. Competencies - Detection & Response: Rapid triage, scoping, and containment with minimal escalation. - Analytical Rigor: Able to transform raw telemetry into actionable insights. - Engineering Mindset: Build/tune detections, automate repetitive work, and improve data quality. - Risk Orientation: Prioritize actions based on business impact and threat likelihood. - Documentation: Clear tickets, IR timelines, and post-incident reporting. BFS Competencies - Business and Financial Acumen - Demonstrates functional and/or technical expertise. - Demonstrates problem solving skills. - Results Driven - Holds self and others accountable. - Communicates and sets clear goals with plans to deliver. - Manages competing priorities effectively. - Demonstrates appropriate urgency. - Drives to exceed expectations in alignment with our BFS SPICE values. - Embraces and follows best practices. - Demonstrates self-starter, can-do attitude. Work Environment / Physical Activity The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. - Subject to both typical office environment and outside locations with temperature and weather variations. - Must be able to lift and carry up to 25 pounds. - Occasional travel may be required. Benefits - Medical, dental, vision, and disability insurance plans. - 401(k) retirement savings plan. - PTO (including paid sick time). - 8 paid holidays per year (for salaried and hourly team members).
Related Guides
Related Categories
Related Job Pages
More Security Operations Jobs
Senior Manager, SOC Operations
KaseyaKaseya® is the leading provider of IT and security management solutions for managed service providers (MSPs) and SMBs.
• Oversee day-to-day operations of a multilocation, global 24/7 SOC monitoring ~3 million endpoints • Recruit, mentor, and train SOC analysts and team leads • Identify and implement automation opportunities to reduce manual workload • Actively assist with and lead threat hunting initiatives • Evaluate and recommend enhancements to SOC tools, technologies, processes, and workflows • Serve as a key point of contact for customer escalations • Manage shift coverage, compliance reporting, and cross-functional collaboration
Security Operations Center Specialist
CACI International IncExpertise and Technology for National Security
• Monitor security events and incident logs from various sources, including network devices, servers, endpoints, and security tools. • Identify and analyze potential security incidents and anomalies, taking appropriate actions to investigate and escalate as required. • Participate in incident response activities, including containment, eradication, and recovery procedures. • Work closely with incident response teams and IT staff to mitigate the impact of security incidents and minimize the risk of recurrence. • Stay updated with the latest cybersecurity threats and attack vectors. • Analyze threat intelligence reports to proactively detect and respond to emerging threats. • Operate and maintain security tools, such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), antivirus, and other security-related solutions. • Conduct in-depth analysis of security incidents, perform digital forensics, and document findings for future reference and improvement. • Prepare and submit detailed incident reports, including root cause analysis and recommended remediation actions, to senior management and stakeholders. • Implement continuous monitoring processes to ensure ongoing visibility into the security posture of the organization. • Perform regular audits of security controls and configurations. • Collaborate with the security awareness team to provide input into security training materials and awareness campaigns for employees, enhancing the overall security culture. • Ensure compliance with established security policies, standards, and procedures. • Assist in the development and maintenance of security policies as necessary. • Provide clear and concise shift handover reports to SOC colleagues, ensuring accurate communication of ongoing incidents and pertinent information.
• Driving the design and implementation of defense-in-depth infrastructure and application security solutions for our customer facing SaaS platform in AWS public cloud environments • Driving architecture, implementation, configuration and automation of native and third party cloud security solutions for hardening, detection, prevention, logging and response solutions for security vulnerabilities and threats • Provide thought leadership with a security bent of mind to the organization • Working closely with Product, Engineering and IT in a DevSecOps model on technologies like FWs, ACLs, WAFs, IAM roles and permissions, Vulnerability management and hardening, Threat and Intrusion detection, Kubernetes Container Security solutions, Pen Test and endpoint security • Assisting in incident response and triaging activities as needed for security incidents and events • Using AI in security operations to streamline and optimize the security incident management, resolution.
Role Description Our Cyber Security Operations Centre (CSOC) is a fully internal team responsible for threat detection, investigation, and incident response. The CSOC's mission centres on threat investigation and continuously refining the organisation's ability to detect and respond to incidents — catching threats early to mitigate and minimise impact. The team works with an advanced toolset anchored by Palo Alto XSIAM as the SIEM and investigation platform, drawing on telemetry from a wide range of sources including endpoint agents, cloud infrastructure, network controls, and application-layer signals from platforms such as Cloudflare. We are building towards a modern, AI-augmented CSOC — one where agentic investigation pipelines handle first-pass triage and analysis, and our analysts focus on validation, quality assurance, and complex threat investigation. This role requires analytical thinking, a willingness to work with and improve automated systems, and genuine curiosity about how threats manifest in cloud-native environments. A CSOC Analyst is an independently operating practitioner: someone who can own incidents end-to-end, write and maintain detection content, critically assess the conclusions of AI-driven investigation pipelines, and act as a capable on-call responder. This role is ideal for an analyst with solid foundations who is ready to take on greater ownership and is growing towards a senior or specialist track. - Triage, investigate, and analyse security incidents — own alerts from initial triage through to resolution or escalation, working within XSIAM as the primary investigation and case management platform - Validate agentic investigation conclusions — review, challenge, and provide structured feedback on AI-driven investigation outputs; identify false positives, missed signals, or incorrect conclusions, and feed insights back to improve automated pipeline quality - Write and maintain playbooks — author, review, and iterate on detection and response playbooks; ensure playbooks reflect current threat landscape, tooling, and team processes; follow playbooks consistently during incident response - Implement and tune correlation rules — develop and refine XSIAM correlation rules to improve detection fidelity; reduce false positive rates through systematic tuning; document changes and rationale - Handle cloud security incidents — investigate incidents originating in or involving cloud infrastructure (AWS, GCP, or Azure); understand cloud-native attack paths, misconfigurations, and threat indicators - Participate in the on-call rota — share on-call responsibility with the wider team; respond to critical and high-severity incidents outside business hours in line with defined SLAs - Contribute to threat detection improvement — proactively identify detection gaps, propose new use cases, and collaborate with Security Engineering to implement them - Support threat intelligence operationalisation — apply threat intelligence to detection, investigation, and hunting activities; consume and act on intelligence from internal and external sources Qualifications - SIEM and investigation platform proficiency — hands-on experience working in a SIEM for alert triage, investigation, and case management; familiarity with query languages used for log analysis (XQL, KQL, SPL, or equivalent) - Incident response competency — demonstrable experience investigating and responding to security incidents across a range of alert types (endpoint, network, identity, cloud); ability to follow and apply structured response methodologies - Detection engineering foundations — experience writing or tuning detection rules, correlation logic, or detection-as-code; understanding of what makes a detection effective and how to reduce noise - Cloud security knowledge — practical understanding of cloud environments (AWS, GCP, or Azure) as they relate to security; experience investigating cloud security incidents or misconfigurations - Endpoint telemetry analysis — ability to interpret endpoint telemetry during investigations; familiarity with the types of signals and indicators surfaced by endpoint agents - Playbook literacy — experience following formal incident response playbooks; ideally, experience writing or reviewing them - Analytical judgement — ability to critically evaluate evidence, assess confidence in conclusions, and make sound decisions with incomplete information - Communication — clear written communication; able to document investigations, produce concise incident summaries, and brief stakeholders appropriately - Ownership and accountability — takes end-to-end ownership of assigned incidents and tasks; follows through without requiring frequent prompting; flags blockers proactively Requirements - Direct experience with Palo Alto XSIAM or Cortex XDR — familiarity with the platform we use day-to-day - Cloud security certification — AWS Security Specialty, GCP Professional Cloud Security Engineer, or equivalent - Experience with agentic or AI-assisted security tooling — prior exposure to AI-driven investigation or SOAR platforms, and an understanding of their limitations - Threat intelligence experience — familiarity with structured threat intel (MITRE ATT&CK, STIX/TAXII, threat feeds) and how to operationalise it - Scripting or automation skills — Python, Bash, or similar; ability to write simple automation or tooling to support investigations - Experience in a food delivery, e-commerce, or high-scale consumer platform environment - Relevant certifications: GCIA, GCIH, GCFE, SC-200, or similar Benefits - Team Vibes: Thrive in a collaborative culture where your ideas matter. - Tasty Perk: Enjoy a monthly Skip spend allowance – treat yourself! - More Time Off: Generous PTO with a buy and sell program with up to 5 extra days! - Family First: Up to 20 weeks top up for parental leave. - Premium Benefits: Flexible medical & dental insurance for you and your family. - Keep Learning: Access world-class training resources to power your success. - Perks Galore: Exclusive offers from Workperks from hundreds of top brands. - Future Funded: RRSP contributions with diverse investment portfolios. - We’ve Got You: Access paid sick time to care for yourself or your family when life happens & access to our well-being support programs. - Digital Nomads: Enjoy the freedom to work from almost anywhere in the world for 4 weeks a year. - Career Growth: Fuel your personal and professional evolution through our dedicated mentorship, global mobility pathways, and a wellness-first culture rooted in true diversity and inclusion. Company Description Just Eat Takeaway is one of the world's leading online food delivery marketplaces, connecting millions of customers with hundreds of thousands of restaurant partners across multiple continents. Operating at significant scale across markets including the UK, Canada, Australia, and Europe, we depend on robust and resilient security operations to protect our customers, partners, and platform.



