Senior Engineer, Security Operations

FFF Enterprises - Temecula, CA

Job Description

Who We Are: About FFF Enterprises

What We Do

Position Summary

The Senior Security Operations Engineer is a senior individual contributor responsible for defending the organization against cybersecurity threats through proactive threat detection, real-time incident response, and continuous improvement of security operations capabilities. This role requires deep, hands-on Security Operations Center (SOC) and incident response experience and serves as a senior technical authority during security incidents. The position works closely with Information Security Leadership, IT teams, and cross-functional stakeholders to identify, assess, detect, and respond to threats across on-premises and cloud environments. Responsibilities include detection engineering, response automation, incident readiness, audit support, and the development of operational playbooks, dashboards, and testing exercises to ensure resilience and regulatory preparedness.

Essential Functions and Duties

Security Event Monitoring & Incident Response:
  • Continuously monitor and analyze security telemetry across SIEM platforms, system logs, network traffic, identity systems, applications, cloud workloads, and endpoint detection tools
  • Correlate activity across endpoint, network, identity, and application assets to identify complex or multi-stage attack patterns
  • Act as a hands-on incident responder during active security incidents, including investigation, containment, eradication, and recovery
  • Serve as a senior technical escalation point during high-severity incidents, providing guidance on response actions and prioritization
  • Coordinate incident response efforts with internal IT teams, business stakeholders, and external partners, including managed security service providers (MSSPs)
  • Provide timely, accurate incident updates to technical and non-technical stakeholders
  • Perform post-incident root-cause analysis and document findings, lessons learned, and remediation actions
  • Maintain detailed incident records to support forensic, regulatory, and audit requirements

Participation outside of normal business hours may be required during active incidents. Up to ten percent (10%) travel may be required.

Detection Engineering & Security Operations Engineering:
  • Design, develop, and maintain detection logic, alerts, and use cases across SIEM, EDR, MDR, and related security platforms
  • Test, tune, and refine detection content to improve signal quality and reduce false positives
  • Evaluate the effectiveness of existing security monitoring and response tools and recommend improvements or configuration changes
  • Partner with IT infrastructure, cloud, and application teams to ensure logging and telemetry support effective detection and response
  • Identify inefficiencies within security operations processes and implement scalable, automation-driven improvements
  • Develop automated and guided response workflows to accelerate containment and remediation
  • Build and maintain dashboards, metrics, and reports to support operational visibility and leadership decision-making

Incident Response Program Development & Operational Readiness:
  • Validate, maintain, and continuously improve incident response plans, procedures, and escalation models
  • Develop and maintain incident response runbooks and playbooks for common, high-risk, and emerging threat scenarios
  • Support and conduct tabletop incident response and recovery exercises; document outcomes and remediation actions
  • Partner with Information Security Leadership and cross-functional stakeholders to strengthen organizational preparedness and response maturity
  • Ensure incident response processes align with industry frameworks and internal control requirements

Threat Intelligence & Threat Analysis:
  • Monitor internal and external threat intelligence sources to identify emerging threats, indicators of compromise, and adversary activity
  • Analyze and contextualize threat intelligence to assess relevance to the organization's environment, risk profile, and business operations
  • Conduct threat assessments to identify likely attack vectors, potential impact, and appropriate defensive measures
  • Map adversary tactics, techniques, and procedures (TTPs) using frameworks such as MITRE ATT&CK
  • Proactively research and hypothesize new threats and detection opportunities
  • Translate threat intelligence into actionable detection logic, response guidance, and risk insights

Risk Communication, Reporting & Stakeholder Support:
  • Develop metrics, dashboards, and reporting to communicate security operations performance and risk posture
  • Provide consultative guidance to IT and business stakeholders regarding security risks and incident response considerations
  • Support executive-level reporting and briefings related to security incidents, trends, and response effectiveness
  • Contribute to a culture of security awareness, operational discipline, and continuous improvement

HITRUST, Audit Readiness & Control Assurance:
  • Serve as a key technical contributor supporting HITRUST, regulatory, and third-party security audits, with emphasis on SOC operations and incident response controls
  • Maintain audit-ready documentation for incidents, investigations, response actions, and remediation efforts
  • Support the collection, validation, and presentation of security operations evidence, including logs, alerts, dashboards, runbooks, and workflows
  • Partner with Information Security Leadership, IT, Compliance, and Risk teams to ensure alignment with HITRUST CSF, NIST, and internal control requirements
  • Participate in audit interviews, walkthroughs, and evidence reviews related to incident response and security monitoring
  • Identify control gaps or deficiencies and contribute to remediation planning and implementation
  • Ensure security operations processes are executed consistently and documented to withstand external audit scrutiny

General Company Responsibilities:
  • Adhere to all company policies and procedures and to Federal and State regulations and laws
  • Display dedication to position responsibilities and achieve assigned goals and objectives
  • Represent the Company in a professional manner and appearance at all times
  • Understand and internalize the Company's purpose; display loyalty to the Company and its organizational values
  • Display enthusiasm and dedication to learning how to be more effective on the job, and share knowledge with others
  • Work effectively with co-workers, internal and external customers, and others by sharing ideas in a constructive and positive manner; listen to and objectively consider ideas and suggestions from others; keep commitments; keep others informed of work progress, timetables, and issues; address problems and issues constructively to find mutually acceptable and practical business solutions; address others by name, title, or other respectful identifier; and respect the diversity of our workforce in actions, words, and deeds
  • Comply with the policies and procedures stated in the Injury and Illness Prevention Program by always working in a safe manner and immediately reporting any injury, safety hazard, or program violation
  • Ensure conduct is consistent with all Compliance Program policies and procedures when engaging in any activity on behalf of the company; immediately report any concerns or violations
  • Other duties as assigned

Education, Knowledge, Skills and Experience

Required Education:
  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or a closely related technical field
  • An equivalent combination of education, certifications, and relevant professional experience may be considered in lieu of a degree

Preferred Education:
  • Master's degree in Cybersecurity, Information Assurance, Computer Science, or a related discipline
  • Formal coursework or advanced training in incident response, digital forensics, threat intelligence, or security engineering

Required Knowledge:
  • Advanced knowledge of security operations and incident response lifecycle management within a Security Operations Center (SOC) environment
  • Strong understanding of Windows and Linux operating system security
  • Knowledge of network security principles, including firewalls and intrusion detection and prevention systems
  • Knowledge of modern threat landscapes, attacker techniques, and evasion methods
  • Ability to translate threat intelligence into actionable detection and response logic
  • Knowledge of evidence collection, documentation standards, and audit support requirements
  • Ability to communicate technical security risk in business-relevant terms

Preferred Knowledge:
  • Familiarity with incident response frameworks such as NIST SP 800-61 and MITRE ATT&CK
  • Knowledge of security automation and orchestration (SOAR) concepts and tools
  • Knowledge of cloud security concepts and controls across AWS, Azure, and GCP
  • Knowledge of scripting and automation concepts using Python or similar languages
  • Knowledge of advanced query development within SIEM or large-scale data platforms
  • Familiarity with audit-driven or regulated security environments

Critical Experience Requirement - SOC / Incident Response (this experience is essential to success in this role):
  • Minimum three (3) years of hands-on experience in a Security Operations Center (SOC) or formal incident response function, performing real-time incident response activities
  • Demonstrated experience investigating, containing, remediating, and documenting real-world security incidents
  • Proven ability to operate effectively in high-pressure environments requiring rapid decision-making, precise execution, and cross-functional coordination

Required Experience:
  • Minimum five (5) years of progressive experience in cybersecurity, inclusive of security operations or incident response functions
  • Demonstrated experience implementing, tuning, or maintaining security detection and response technologies, including SIEM, EDR, IPS, MDR, or SOAR platforms
  • Experience developing, executing, and maintaining incident response plans, playbooks, and escalation procedures
  • Experience documenting security incidents and response actions for technical review, leadership communication, and audit evidence
  • Demonstrated experience contributing to the continuous improvement of security operations processes and response effectiveness

Preferred Experience:
  • Seven (7) or more years of progressive cybersecurity experience demonstrating increased scope, autonomy, or technical depth
  • Experience beyond baseline SOC response, such as detection engineering, threat intelligence analysis, or security automation
  • Experience supporting audit-driven or regulated security programs, including HITRUST, SOC 2, ISO 27001, or similar frameworks
  • Experience translating control requirements and audit findings into operational security practices and remediation actions
  • Experience producing executive-level, board-facing, or audit-facing security reporting, dashboards, or metrics
  • Experience with CrowdStrike EDR or comparable enterprise endpoint detection and response platforms

Required Skills:
  • Strong analytical and problem-solving skills
  • Excellent organizational and prioritization abilities
  • High attention to detail and accuracy
  • Clear, concise written and verbal communication skills
  • Ability to work independently with limited supervision
  • Sound judgment and decision-making under pressure
  • Ability to balance strategic thinking with hands-on execution
  • Professional integrity, accountability, and commitment to continuous improvement
  • Willingness to stay current with evolving cybersecurity threats and technologies

Preferred Skills:
  • Ability to mentor or guide junior analysts without formal people-management responsibility
  • Strong incident command presence during high-severity security events
  • Ability to translate technical findings into executive-ready summaries and audit narratives
  • Comfort operating in regulated, audit-driven, or compliance-sensitive environments
  • Strong collaboration skills with IT, Compliance, and Legal stakeholders

Required Certifications: None

Preferred Certifications:
  • Industry-recognized cybersecurity or incident response certifications such as GCIH, GCIA, GCFA, CISSP, or CEH
  • Certified Information Security Manager (CISM)
  • GIAC Security Operations Certified (GSOC)
  • GIAC Cloud Security Automation (GCSA) or comparable cloud security certifications
  • Vendor-specific certifications related to SIEM, EDR, or SOAR platforms (e.g., CrowdStrike, Splunk, Microsoft Sentinel)

Physical Requirements

Vision, hearing, speech, and movements requiring the use of wrists, hands and/or fingers. Must have the ability to view a computer screen for long periods and the ability to sit for extended periods. Must have the ability to work the hours and days required to complete the essential functions of the position, as scheduled. The employee occasionally lifts up to 20 lbs. and occasionally kneels and bends. Must have the ability to travel occasionally. Working conditions include a normal office setting.

Mental Demands

Learning, thinking, concentration, and the ability to work under pressure, particularly during busy times. Must be able to pay close attention to detail and be able to work as a member of a team to ensure excellent customer service. Must have the ability to interact effectively with co-workers and customers, and exercise self-control and diplomacy in customer and employee relations situations. Must have the ability to exercise discretion as well as appropriate judgment when necessary. Must be proactive in finding solutions.

Direct Reports: None

EEO/AAP Statement

FFF Enterprises is an EEO/AAP employer; all business decisions (employment, promotions, compensation, etc.) are made without regard to race, color, religion, creed, gender, national origin, age, disability, marital or veteran status, sexual orientation, gender identity, or any other legally protected status. FFF Enterprises promotes an equal employment opportunity workplace, which includes reasonable accommodation consideration of otherwise qualified disabled individuals.

Acknowledgement

The above statements are intended to describe the general nature and level of work being performed by the incumbent assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and/or skills required of all personnel so classified. The undersigned employee acknowledges receipt of the Job Description for the employee's position and understands the essential functions, responsibilities, and qualifications of the position. Furthermore, the employee acknowledges that this Job Description does not include all of the essential functions of this position, and that these essential functions may change as deemed necessary by the manager.

To be considered for a position with FFF Enterprises, Inc., applicants must complete and sign the application.

Employee Benefits Available for FFF Enterprises Team Members

Employee benefits include:
  • Medical Insurance
  • Dental Insurance
  • Vision Discount Program
  • Vision Insurance Plan
  • Health Savings Account (HSA)
  • Flexible Spending Account (FSA)
  • Dependent Care Flexible Spending Account
  • Employee Assistance Program (EAP)
  • Group Life and AD&D
  • Voluntary Supplemental Life Insurance Plans
  • Short Term Disability
  • Long Term Disability Income Protection
  • 401k Profit Sharing Retirement Plan - Discretionary Match
  • Discretionary Bonus
  • Supplemental Insurance Plans
  • Prepaid Legal/Identity Theft Plan
  • Paid Holidays/Vacation/Sick Days: Seven (7) Paid Holidays, Two (2) Weeks Vacation, Five (5) Sick Days, and One (1) Float Day for CA, NC, and TX; all other states receive One Hundred Twenty (120) Hours of PTO
  • Tuition Reimbursement Program
  • Notary Services
  • Employee Referral Bonus
  • Vendor Discount Programs
  • Corporate Individual Travel Program

(Note: We comply with the ADA and consider reasonable accommodation measures that may be necessary for eligible applicants/employees to perform essential functions. Hire may be subject to passing a medical examination, and to skill and agility tests.)

Created: 2026-03-04
