Information Security Operations Specialist

Beanfield Metroconnect

$75K — $95K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of hands-on experience in a SOC or Incident Response team
  • Bachelor's degree in Information Technology or related field
  • Demonstrated leadership in technical incident response for complex events
  • Extensive knowledge of SIEM and EDR platforms
  • Experience mapping security controls to compliance frameworks
  • Strong analytical and calm demeanor during incidents
  • Familiarity with security tools such as Fortinet and compliance frameworks

Responsibilities

  • Continuously monitor and prioritize alerts from various security platforms
  • Conduct proactive threat hunting using intelligence feeds
  • Investigate suspicious activities through detailed analysis
  • Lead containment and recovery efforts during security incidents
  • Perform root-cause analysis and forensic investigations
  • Develop automation scripts for detection and reporting
  • Manage vulnerability scanning and compliance audits

Benefits

  • Values-driven culture prioritizing collaboration and community
  • Comprehensive rewards package including healthcare accounts
  • Additional five personal care days for work-life balance

Full Job Description
The Role

The Information Security Operations Specialist is responsible for the day-to-day detection, analysis, and containment of cyber threats across the enterprise, ensuring all security operations strictly align with business requirements, regulatory frameworks, and compliance standards. Utilizing a strong technical background in security monitoring, event correlation, and defensive architecture, you will serve as the primary hands-on expert for our detection and response tools and processes.

This role operates at an advanced operational level, ensuring the enterprise is not only resilient against evolving cyber threats through active threat hunting and rapid incident response but also continually prepared for rigorous compliance audits and risk assessments.

What You'll Do

Incident Detection, Threat Hunting & Security Monitoring:
  • Continuously monitor, triage, and prioritize alerts from the SIEM, EDR, IDS/IPS, and cloud security platforms.
  • Conduct proactive threat hunting exercises using threat intelligence feeds and log analysis to identify hidden adversaries.
  • Perform deep-dive analysis (packet captures, endpoint artifacts, log correlation) to investigate suspicious activity, phishing campaigns, and data exfiltration attempts.
  • Create and maintain architecture and process diagrams to support monitoring, detection, and response.

Incident Response, Forensics & Post-Incident Remediation
  • Act as the primary technical lead during security incidents, driving containment, eradication, and recovery efforts.
  • Conduct technical root-cause analysis and digital forensics following an incident to determine the scope of impact.
  • Facilitate post-incident reviews to identify visibility gaps and translate technical lessons learned into updated incident response playbooks and hardened security controls.

Security Automation, Reporting & Process Design
  • Develop scripts (Python, PowerShell, Bash) or SOAR playbooks to automate routine detection triaging, alert enrichment, and compliance reporting.
  • Define technical and operational standards to guide the delivery of security services, identifying operational risks borne from process shortcomings.
  • Generate weekly/monthly operational and GRC metrics tracking incident response efficacy (MTTR/MTTD), patch compliance rates, and threat trends for executive leadership.

Risk-Based Vulnerability Management & Hardening
  • Manage the enterprise vulnerability scanning infrastructure; analyze scan results, prioritize remediation based on business risk, and coordinate patching efforts with IT infrastructure teams.
  • Perform continuous configuration compliance audits against industry security baselines (e.g., CIS Benchmarks).
  • Participate in threat modeling and risk assessment exercises to identify systemic vulnerabilities in the enterprise architecture and recommend compensatory controls.

Governance, Framework Realignment & Audit Readiness
  • Ensure that security monitoring, incident handling, and perimeter rules directly align with established frameworks such as CIS CSC, NIST CSF, SOC 2.
  • Provide technical support and evidence for external and internal auditors, gathering and validating evidence (e.g., access reviews, firewall change logs, incident records).
  • Draft, review, and maintain operational security policies, standards, and procedures to ensure continuous compliance and minimize organizational risk.


What You Bring
  • 5 years of progressive, hands-on experience in a dedicated Security Operations Center (SOC), Incident Response team, or SecOps environment.
  • Bachelor's Degree in Information Technology, Computer Science, or a related field.
  • Proven experience leading technical incident response efforts for complex security events (e.g., ransomware, cloud compromise, insider threats).
  • Strong working knowledge of enterprise security stacks, including SIEM platforms (Splunk, Sentinel), EDR solutions (CrowdStrike, Defender), and Next-Gen Firewalls used as detection points.
  • Demonstrated experience mapping technical controls to compliance frameworks (CIS, NIST, SOC 2) and participating directly in IT audits.
  • Excellent analytical and communication skills, with a proven ability to stay calm during high-pressure incidents and translate technical risks into business impact for leadership.
  • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
  • High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
  • Experience leading the design, evaluation, and implementation of new security tools and technologies.
  • Hands-on experience managing Fortinet security tools (FortiGate, FortiManager, FortiAnalyzer, FortiEMS).
  • Familiarity with compliance frameworks (NIST, CIS-CSC, SOC 2, ISO 27001)
  • Preferred certifications, such as CISSP, GCIA/GCIH


Additional Requirements
  • Availability to participate in on-call rotation for security incidents, including after-hours work during critical events.


What's in it for you
  • A united, values-driven culture that genuinely cares about people, collaboration, and community.
  • A comprehensive total rewards package, including Traditional Spending Account (TSA) and Health Care Spending Account (HCSA) coverage to support your physical, mental, and financial well-being.
  • An additional five (5) personal care days, giving you extra flexibility to recharge, reset, or take care of what matters most.
