Location: Remote, USA.

Summary

The Cyber Security Engineer is responsible for the design, implementation, operation, and continuous improvement of enterprise security controls that protect critical infrastructure, systems, and data. This role serves as a hands-on engineering contributor within a lean, high-trust cybersecurity team, owning core security tooling and processes while acting as an escalation point for complex incidents. Operating at the intersection of security engineering, incident response, and program maturity, the Cyber Security Engineer partners closely with IT Infrastructure teams and external SOC/MDR providers to ensure threats are detected, contained, and eradicated effectively. Success in this role is driven by technical depth, operational ownership, and strong collaboration rather than passive monitoring.

Responsibilities

• Own triage, investigation, and response for security alerts and incidents across enterprise environments
• Serve as an internal escalation point for high-severity and complex security incidents
• Partner with external SOC/MDR providers on escalated alerts, tuning, and response coordination
• Conduct root-cause analysis, containment, eradication, and post-incident reviews with documented lessons learned
• Engineer, configure, and administer core security tools including EDR, vulnerability management, and email security platforms
• Design and implement detection rules, correlation logic, and automated response actions to improve security coverage and reduce mean time to response
• Evaluate, recommend, and implement new security tools and capabilities aligned to the security roadmap
• Maintain and improve integrations between security platforms and enterprise systems
• Own the vulnerability management lifecycle including scanning, prioritization, remediation tracking, and risk reporting
• Partner with Infrastructure and IT Operations teams to drive remediation efforts and verify fixes
• Produce vulnerability trend analysis, risk exposure metrics, and executive-facing reports
• Contribute to security program development by identifying gaps, proposing improvements, and executing initiatives
• Track and report on operational security metrics such as incident volume, MTTD, MTTR, and SLA performance
• Serve as a key technical advisor to Infrastructure teams on endpoint, server, network, and cloud security
• Support security awareness initiatives and cross-functional security education efforts

Requirements

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or related field, or equivalent practical experience
• 3–5 years of hands-on experience in cybersecurity engineering, IT security, or a related discipline
• Demonstrated ownership of incident response activities from detection through containment, eradication, and post-incident review
• Strong experience engineering and tuning detection rules, SIEM alerts, and automated response workflows
• Proven vulnerability management experience including scan configuration, risk prioritization, and remediation tracking
• Hands-on experience with SIEM platforms such as Splunk, Microsoft Sentinel, or equivalent
• Experience administering and engineering security tools such as EDR, vulnerability management, and email security platforms
• Experience managing or partnering closely with SOC, MDR, or MSSP providers
• Deep understanding of common attack vectors and adversary techniques including phishing, ransomware, credential compromise, lateral movement, and privilege escalation
• Strong analytical thinking, incident ownership, and documentation skills
• Ability to collaborate effectively with infrastructure, operations, and business stakeholders
• Relevant cybersecurity certifications (e.g., Security+, CySA+, CEH, GIAC) preferred
• Scripting or automation experience using Python or PowerShell preferred
• Experience securing enterprise infrastructure including Active Directory, cloud platforms (Azure, AWS, GCP), and hybrid environments
• Familiarity with security frameworks such as NIST CSF or CIS Controls preferred