Engineer - Security Operations and Incident Response
Location
United States + 1 moreAll locations: United States | Canada
Posted
3 days ago
Salary
0
Seniority
Mid Level
No structured requirement data.
Job Description
Engineer - Security Operations and Incident Response
Pearl Consulting Group
Role Description This role is a critical function responsible for the ongoing transformation of the organization’s Security Operations & Incident Response program. With a focus on maintaining resilience and protecting the global enterprise from cybersecurity threats, the team operates an advanced security operations and incident response program focused on the identification, analysis, and eradication of cybersecurity threats and incidents across the global enterprise. In support of the rapid growth of this critical program, we are looking for an experienced, passionate, and highly organized engineer who will drive operational delivery excellence and continuous advancement across processes and technologies. Primary Responsibilities - Expert-level support for deep dive investigations, including digital forensics (memory, network, and malware analysis). - Author and refine IR playbooks and operational guidelines to ensure the team remains agile in an evolving threat landscape. - Develop and maintain threat models, incorporating findings from penetration tests into detection strategies. - Design, implement, and refine complex detection rules and automated remediation workflows to identify adversarial behavior. - Utilize threat intelligence and the MITRE ATT&CK framework to identify gaps in visibility and proactively mitigate emerging risks. - Maintain comprehensive documentation of detection strategies, active investigations, and incident timelines. - Work with the SIEM team to continuously tune SIEM rules to maximize detection fidelity while minimizing alert fatigue. - Review and tune threat intelligence systems, including brand protection and dark web monitoring. - Proficiency in scripting and query building using Python, XQL, PowerShell, or Bash, and experience with automation and/or orchestration (SOAR) tools. - Support IR leadership as backup on IR-related activities. Qualifications - Bachelor’s degree and 5+ years of relevant experience in incident response and SOC tooling. - In-depth knowledge of SIEM/SOAR platforms (e.g., Microsoft Sentinel, Palo Alto Cortex XSIAM/XSOAR) and incident response processes in hybrid cloud environments (GCP, Azure). - Experience leading incident response as incident commander, performing root cause analysis and continuous optimization for SOC tools and processes. - Familiarity with scripting languages (Python, PowerShell, Bash, XQL) is highly preferred. - Understanding of regulatory compliance and frameworks such as MITRE ATT&CK, NIST, or ISO. - Ability to prioritize tasks effectively, manage multiple priorities, and work both independently and as part of a team. - Strong communication skills, with the ability to translate sophisticated technical issues or concepts to non-technical audiences in a clear and concise manner that focuses on business value.
Related Guides
Related Categories
Related Job Pages
More Security Operations Jobs
Cyber Security Operations & CTI Lead
Serco PlcAt Serco, you'll join a global organisation delivering essential public services that improve the lives of millions of people. Our values of Trust, Care, Innovation, and Pride guide everything we do. Committed to creating an inclusive workplace. Encourages applications from Aboriginal and Torres Strait Islander peoples, LGBTQIA+ communities, veterans, and people with disabilities.
Role Description Serco is building out its in-house cyber security capability, and this is a rare opportunity to shape it from the ground up. Around 18 months ago we made a long-term commitment to bringing more security expertise in-house — this new role is a key part of that plan. You'll provide senior technical leadership across Security Operations and Threat Intelligence, ensuring threats are identified, analysed, and translated into action. This is a hands-on technical role: monitoring, threat hunting, detection engineering, and incident response — strengthening how Serco detects and responds to evolving cyber threats. We're a small team with large ambitions, globalising this service, and you'll play a central role in shaping its future. - Provide technical leadership across Security Operations — alert triage, investigation, and escalation — and act as senior escalation point for complex investigations - Design, build, and evolve a new Cyber Threat Intelligence capability, integrating it into SOC workflows, detection logic, and incident response - Analyse and track threat actors and campaigns, mapping adversary TTPs to MITRE ATT&CK and translating intelligence into detection improvements - Develop, tune, and optimise detection rules based on threat intelligence and incident learnings - Lead hypothesis-driven threat hunting, feeding outcomes back into detection engineering - Lead cyber incidents end-to-end, producing high-quality incident reports with root cause analysis and lessons learned - Author and maintain incident response playbooks and SOC/CTI processes - Task-manage a team of analysts day-to-day, with around four direct reports as the function grows - Participate in an on-call rota supporting incident escalations Qualifications - 7+ years' experience in cyber security roles, in-house or within an MSSP - Strong experience within a SOC environment, including incident response end-to-end - Proven experience building or integrating a Cyber Threat Intelligence function - Strong knowledge of SIEM, EDR, and SOAR tooling, and the MITRE ATT&CK framework - Demonstrated detection engineering and intelligence-led threat hunting experience - Clear communication skills, technical and non-technical, and the ability to operate under pressure during incidents - Eligibility for BPSS clearance Requirements - Desirable: CISSP - Relevant SANS certifications (e.g. SEC503, FOR572) - Relevant Microsoft certifications (e.g. SC200) - Blue Team Level 2 (BTL2) Benefits - Company car - Private healthcare - Bonus scheme of up to 30% - Flexible working considered - Pension – 6% - Chance to contribute to innovation in the public services - A company passionate about diversity and inclusion - Serco discounts which include cinema, merlin entertainment and online shopping discounts, and discounts on mobile phone plans and leisure centre memberships - A range of benefits to support the health and wellbeing of you and your family such as Employee Assistance Programme, Simply Health Cash Plans, and more - A wealth of career development training to suit your future aspirations - A safe and supportive culture
• Monitor and analyze security events and alerts using Elastic Security SIEM • Conduct vulnerability scans with Tenable SC and assess cloud workloads via Tenable Cloud Security • Manage and enforce endpoint security policies using Trellix ePO or Microsoft Defender for Endpoint (MDE) • Monitor network security activity across Palo Alto Next-Generation Firewalls • Analyze secure access traffic through Zscaler Private Access and Internet Access • Detect, document, and escalate security incidents following established response procedures • Develop continuous monitoring reports and contribute to security posture dashboards • Track and present security KPIs to program leadership
Técnico Centro de Control, Soporte de Seguridad Junior
Manning Global AGKeeping you connected with new worldwide roles in IT, AI, Telecoms & Engineering!
• Handling emails and calls from internal client. • Creating Incident Tickets in the ITSM Tool. • Sorting incidents received from external teams using the tool into categories: Network, Billing, or IT. • Assigning the incident to the right team for resolution. • Coordinating with the appropriate team to obtain status updates and communicate them to the customer. • Closing incident tickets.
Forward Deployed Engineer – AI SOC
Thinkahead Consultant Psychologist Pty LtdWe get to the heart of the matter.....real people......real solutions
• Serve as the technical lead for deploying and operationalizing security and AI solutions in customer or enterprise environments • Translate business, operational, and security requirements into deployable architectures and implementation plans • Partner with internal and external stakeholders to ensure solutions are aligned to operational goals, compliance requirements, and long-term platform strategy • Act as a trusted advisor during onboarding, implementation, rollout, and optimization phases • Design and implement integrations across SIEM, XDR, SOAR, case management, data platforms, and AI-enabled tooling • Build and configure cloud-native data ingestion, normalization, and enrichment pipelines for security telemetry • Integrate APIs, webhooks, message queues, and automation workflows across identity, endpoint, cloud, network, and application ecosystems • Develop reusable deployment patterns, templates, and technical assets to accelerate future implementations • Operationalize AI and automation use cases within security workflows, including alert enrichment, triage support, summarization, clustering, playbook selection, and analyst copilots • Work with detection engineering and data teams to support the implementation of behavioral analytics, anomaly detection, risk scoring, and other AI-assisted security use cases • Help define data requirements, feedback loops, and operational guardrails needed to support effective AI outcomes in production environments • Ensure deployed solutions are practical, measurable, and aligned to analyst workflows and response objectives • Implement secure and governed automation for investigation and response use cases across heterogeneous environments • Support resiliency, observability, performance, and scale requirements for deployed solutions • Troubleshoot integration issues, deployment blockers, and production challenges in partnership with platform, cloud, and security teams • Improve reliability and maintainability through documentation, testing, monitoring, and standardized engineering practices • Collaborate across Security Operations, Security Engineering, Detection Engineering, Data Science, Infrastructure, and product or customer teams • Communicate technical concepts clearly to both technical and non-technical stakeholders • Mentor engineers and contribute to best practices for implementation, delivery, and technical solution design • Provide field feedback to influence platform roadmap, product direction, and architectural standards.

