
Cyber Security Architect

Brooksource - Atlanta, GA

Job Description

Cybersecurity Principal - Security Operations & Incident Response

Position Summary

We are seeking an experienced and highly skilled Cybersecurity Principal to own and advance security operations, incident response, threat detection, and security engineering capabilities within a fast-paced enterprise environment.

This role serves as a hands-on technical authority and operational leader, responsible for defining detection standards, leading high-severity incident response, and continuously maturing SOC processes and tooling. The ideal candidate brings deep expertise across security operations, detection engineering, incident response, network security, and cloud monitoring, and is comfortable operating at both strategic and tactical levels.

This individual will work closely with internal teams, MSSP partners, and leadership to strengthen the organization's overall cybersecurity posture while ensuring reliable, effective day-to-day security operations.

Required Qualifications

  • 5+ years of progressive experience in Security Operations, Incident Response, Threat Detection, or Cybersecurity Engineering roles.
  • Strong hands-on experience with SIEM administration, detection engineering, and log analysis.
  • Demonstrated incident response leadership and threat investigation expertise.
  • Experience operating within MSSP or managed security environments.
  • Solid understanding of SOC workflows, alert triage, escalation procedures, and SLA management.
  • Hands-on experience with enterprise security technologies, including:
    • SIEM and log management platforms
    • MDR / MSSP security platforms
    • Endpoint detection and response (EDR/XDR)
    • Email security technologies
    • Network security and firewall platforms
    • Cloud security monitoring solutions
    • Threat intelligence and alerting systems
  • Strong understanding of attacker behaviors, obfuscation techniques, and modern threat landscapes.
  • Knowledge of network security fundamentals and enterprise security architecture.
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or equivalent practical experience.

Preferred Qualifications

  • Experience collaborating with red teams, adversary simulation, or threat emulation efforts.
  • Experience with AWS and/or Google Cloud security monitoring.
  • Working knowledge of the MITRE ATT&CK framework and threat intelligence operations.
  • Experience with security automation, scripting, or SOAR technologies.
  • Familiarity with compliance frameworks and operational security standards.
  • Experience defining or maturing SOC metrics, KPIs, and operational reporting.

Key Responsibilities

Security Operations & Monitoring

  • Lead advanced security operations activities across enterprise environments.
  • Define and maintain detection standards, alert fidelity criteria, and SOC operational best practices.
  • Monitor, investigate, and analyze security alerts, events, and incidents across networks, endpoints, email, identity, and cloud platforms.
  • Review and interpret raw security logs and telemetry from multiple enterprise systems.
  • Develop, tune, and maintain detection rules, alert logic, and correlation searches.
  • Own and continuously improve SOC workflows, escalation processes, operational efficiencies, and response procedures.
  • Support SLA tracking, incident prioritization, and operational reporting.

Incident Response & Threat Analysis

  • Act as lead investigator or incident commander for high-severity security incidents.
  • Lead and support incident response investigations, including containment, eradication, and recovery.
  • Perform forensic analysis and root cause investigations related to cybersecurity incidents and suspicious activity.
  • Identify attacker techniques, persistence methods, evasion tactics, and malicious behaviors.
  • Conduct proactive threat hunting to identify advanced threats and indicators of compromise.
  • Coordinate with MSSP providers, internal teams, and leadership during active incidents.

Security Engineering & Platform Administration

  • Administer, optimize, and mature enterprise security platforms and monitoring technologies.
  • Architect and enhance detection pipelines, log correlation strategies, and investigative workflows.
  • Assist with onboarding new log sources, integrations, and data normalization efforts.
  • Support cloud security monitoring and detection across hybrid and multi-cloud environments.
  • Collaborate with infrastructure and engineering teams to improve security visibility and defensive controls.

Network & Infrastructure Security

  • Analyze network traffic, firewall logs, and endpoint telemetry to identify malicious or anomalous activity.
  • Support enterprise network security operations in partnership with infrastructure and platform teams.
  • Assist with improving segmentation, monitoring, and visibility across enterprise infrastructure.

Threat Detection & Adversarial Analysis

  • Apply adversarial knowledge and attack methodologies to improve detection and defensive capabilities.
  • Identify monitoring gaps and recommend improvements to detection coverage.
  • Validate detection capabilities against common attacker tactics, techniques, and procedures (TTPs) through adversary emulation, tabletop exercises, and purple-team activities.

Documentation & Communication

  • Document incident findings, response actions, and technical analysis clearly and accurately.
  • Provide operational metrics, reporting, and actionable recommendations to leadership.
  • Assist with developing security standards, operational procedures, and incident response playbooks.
  • Communicate technical findings effectively to both technical and non-technical stakeholders.

Created: 2026-05-13
