Security Operations Engineer

We are seeking a Security Operations Engineer to join our growing Security Operations team. This role will strengthen our daily monitoring, detection, and response capabilities across Microsoft Defender, Microsoft Sentinel, ASR (Attack Surface Reduction) controls, and others.

The successful candidate will partner closely with our governance and IT teams and a third-party SOC to ensure timely detection, triage, and remediation of security events.

This is a hands-on operational role focused on maintaining the organization’s defensive readiness, optimizing alert fidelity, and supporting incident response. The engineer will help expand the team’s capacity, improve response efficiency, and contribute to the continual evolution of our threat detection and response processes.

Key Responsibilities

• Perform daily monitoring, triage, and investigation of security alerts within Security Operations tools, including Microsoft Defender, Sentinel, and Proofpoint.
• Validate, escalate, and document incidents in coordination with internal teams and the third-party SOC.
• Implement and tune ASR rules and endpoint protection policies across managed devices.
• Collaborate with IT Operations to detect, contain, remediate, and recover from cyber events.
• Maintain and refine Sentinel analytic rules, automation workflows, and dashboards.
• Contribute to the development of incident response runbooks, metrics, and post-incident reviews.
• Support cyber event analyses and investigations, alert validation, and data loss prevention signals.
• Assist in testing and deploying new endpoint and detection technologies.
• Participate in continuous improvement of detection logic, automation, and operational playbooks.

Required Qualifications

• 5 + years of hands-on experience in Security Operations, SOC engineering, or incident response.
• Demonstrated proficiency with Microsoft Defender XDR, Microsoft Sentinel, and ASR rules.
• Experience managing or integrating with SOC providers or MSPs.
• Strong understanding of endpoint security, event correlation, and log analysis.
• Familiarity with KQL (Kusto Query Language) and security automation tools (Logic Apps, PowerShell, or equivalent).
• Ability to independently investigate, document, and communicate security events.
• Excellent written and verbal communication skills with a focus on clarity and accountability.

Preferred Qualifications

• Experience with insider-threat monitoring platforms.
• Background in Windows endpoint hardening and configuration management.
• Understanding of cloud and hybrid Azure security architecture.
• Industry certifications such as SC-200, AZ-500, CompTIA CySA+, or GCIA.

Key Competencies

• Analytical mindset and strong troubleshooting ability.
• Proactive approach to threat detection and control improvement.
• High sense of ownership and accountability for operational outcomes.
• Collaborative and communicative—comfortable coordinating across multiple technical teams.
• Adaptable and capable of balancing multiple priorities in a fast-moving environment.

Language Skills

• Ability to effectively present information in one-on-one and small group situations to technical and non-technical audience.

Compensation

• If this position will be performed in whole or in part in New York City, the base salary range is $110,000 - $135,000. Individual salaries may vary based on different factors including but not limited to, skills, experience, job-related knowledge, and location. Base salary does not include other forms of compensation or benefits offered in connection with this position.

How to Apply?

Send resume to [email protected] with the subject line " Security Operations Engineer."

All qualified applicants will be afforded equal employment opportunities without discrimination because of race, creed, color, national origin, sex, age, disability or marital status .