Engineer - SOC & IR
Job Title: Engineer - Security Operations and Incident Response
Location: USA or Canada (Remote or Hybrid)
Description
This role is a critical function responsible for the ongoing transformation of the organization’s Security Operations & Incident Response program. With a focus on maintaining resilience and protecting the global enterprise from cybersecurity threats, the team operates an advanced security operations and incident response program focused on the identification, analysis, and eradication of cybersecurity threats and incidents across the global enterprise. In support of the rapid growth of this critical program, we are looking for an experienced, passionate, and highly organized engineer who will drive operational delivery excellence and continuous advancement across processes and technologies.
Primary Responsibilities
- Expert-level support for deep dive investigations, including digital forensics (memory, network, and malware analysis).
- Author and refine IR playbooks and operational guidelines to ensure the team remains agile in an evolving threat landscape.
- Develop and maintain threat models, incorporating findings from penetration tests into detection strategies.
- Design, implement, and refine complex detection rules and automated remediation workflows to identify adversarial behavior.
- Utilize threat intelligence and the MITRE ATT&CK framework to identify gaps in visibility and proactively mitigate emerging risks.
- Maintain comprehensive documentation of detection strategies, active investigations, and incident timelines.
- Work with the SIEM team to continuously tune SIEM rules to maximize detection fidelity while minimizing alert fatigue.
- Review and tune threat intelligence systems, including brand protection and dark web monitoring.
- Proficiency in scripting and query building using Python, XQL, PowerShell, or Bash, and experience with automation and/or orchestration (SOAR) tools.
- Support IR leadership as backup on IR-related activities.
Qualifications
- Bachelor’s degree and 5+ years of relevant experience in incident response and SOC tooling.
- In-depth knowledge of SIEM/SOAR platforms (e.g., Microsoft Sentinel, Palo Alto Cortex XSIAM/XSOAR) and incident response processes in hybrid cloud environments (GCP, Azure).
- Experience leading incident response as incident commander, performing root cause analysis and continuous optimization for SOC tools and processes.
- Familiarity with scripting languages (Python, PowerShell, Bash, XQL) is highly preferred.
- Understanding of regulatory compliance and frameworks such as MITRE ATT&CK, NIST, or ISO.
- Ability to prioritize tasks effectively, manage multiple priorities, and work both independently and as part of a team.
- Strong communication skills, with the ability to translate sophisticated technical issues or concepts to non-technical audiences in a clear and concise manner that focuses on business value.