Security Operations Engineer

Lantern

$100K — $130K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 4+ years of experience in Security Operations or related role
  • Hands-on experience with a SIEM platform (e.g., Splunk, Microsoft Sentinel)
  • Proficiency with EDR tools, CrowdStrike Falcon preferred
  • Working knowledge of network security fundamentals
  • Scripting skills in Python and/or PowerShell
  • Familiarity with cloud security concepts, particularly Azure
  • Understanding compliance standards (e.g., HIPAA, SOC 2, HITRUST)

Responsibilities

  • Monitor and investigate alerts across various security platforms
  • Support incident response activities in line with NIST guidelines
  • Develop and maintain detection rules and behavioral models
  • Conduct structured threat hunting exercises
  • Build automated workflows for enhanced response efficiency
  • Integrate security tools with ticketing systems for management
  • Contribute to SOAR playbook development and refine processes
  • Support vulnerability management efforts and remediation tracking

Benefits

  • Medical, Dental, and Vision Insurance
  • Short & Long Term Disability Insurance
  • Life Insurance
  • 401k with company match
  • Flexible Time Off
  • Paid Parental Leave
Full Job Description
Lantern is seeking a Security Operations Engineer who will help defend a healthcare organization operating at the intersection of patient care, claims data, and fast-moving cloud and AI workloads. You'll join a tight-knit security team that owns detection engineering, incident response, threat hunting, and the operational health of our security stack, with real influence over how that stack evolves. On any given week, you might tune detections in the SIEM, work with our MSSP on MDR escalations, push policy changes in EDR and NDR, harden policies, validate vulnerability findings, or operationalize new telemetry from ISP, DLP, and EDR. We're looking for someone with 4+ years of security operations experience who thinks like an engineer and operates like a hunter: comfortable in Azure, fluent enough in Python or PowerShell to eliminate toil, curious enough to chase weak signals across cloud and endpoint logs, and disciplined enough to document what they build so the next person can extend it. You'll balance detection and response work with the automation and tuning that makes both faster, and you'll partner closely with GRC, IT, and legal to keep our HIPAA, HITRUST CSF v11, and SOC 2 Type II commitments meaningful in practice, not just on paper. What we care about most is your judgment, your curiosity, and your willingness to make the team better than you found it.
Location: Hybrid - at least 3 days/wk in our Dallas, TX offices

Key Responsibilities:

  • Monitor, triage, and investigate alerts across SIEM, EDR, NDR, and DLP platforms
  • Lead or support incident response activities including scoping, containment, eradication, and post-incident review in alignment with NIST SP 800-61r2
  • Develop, tune, and maintain detection rules, correlation queries, and behavioral models across the security stack
  • Conduct threat hunting exercises using structured methodologies (MITRE ATT&CK, hypothesis-driven)
  • Build and maintain security automation workflows to reduce manual triage and accelerate response (Python, PowerShell, GitHub Actions, REST APIs)
  • Integrate security tooling with ticketing and workflow platforms (Jira) for consistent case management and SLA tracking
  • Contribute to SOAR playbook development and refinement
  • Support vulnerability management operations including Tenable scan management, findings triage, and Jira-based remediation tracking
  • Maintain and optimize SIEM content, log pipelines, and data sources; ensure complete and accurate log ingestion from cloud, endpoint, network, and identity layers
  • Manage and tune EDR policies, exclusions, and response actions within CrowdStrike Falcon
  • Support DLP policy operations, including investigation support for policy violations
  • Maintain firewall log visibility and coordinate with network/infrastructure teams on Fortinet policy enforcement
  • Support evidence collection and control testing for HITRUST CSF v11 and SOC 2 Type II assessments
  • Contribute to security documentation including runbooks, playbooks, and operational procedures
  • Participate in tabletop exercises and contribute to lessons-learned outcomes
  • Support identity and access-related security reviews in collaboration with the IAM/infrastructure team
  • Monitor and investigate anomalous activity associated with AI agent infrastructure, API integrations, and LLM-based services
  • Contribute to security controls and detection coverage for AI workloads under the organization's AI governance framework
  • Help develop behavioral baselines and detection logic specific to AI/agentic traffic patterns

Requirements:

  • At least 4 years of experience in a Security Operations Center (SOC), IT security, or related security operations role
  • Hands-on experience with a SIEM platform (Sumo Logic, Splunk, Microsoft Sentinel, or equivalent); ability to write and tune detection queries
  • Proficiency with EDR platforms (CrowdStrike Falcon strongly preferred)
  • Working knowledge of network security fundamentals including firewalls, IDS/IPS, and network traffic analysis
  • Scripting proficiency in Python and/or PowerShell for automation and tool integration
  • Familiarity with cloud security concepts (Azure or AWS); experience investigating cloud-native log sources (Entra ID, Azure AD sign-in logs, CloudTrail, etc.)
  • Understanding of compliance-driven security operations in regulated environments (HIPAA, SOC 2, or HITRUST preferred)
  • Strong written communication skills for documentation, escalation, and stakeholder reporting
  • Exceptional interpersonal, organizational, and communication skills and the ability to internalize and exemplify Lantern's LIGHT Values

Strong candidates will have:

  • Experience working in a mature SOC environment with defined playbooks and runbooks
  • Familiarity with AI/agentic system risks including prompt injection, data exfiltration via AI interfaces, and audit log analysis for LLM-based tooling
  • Experience with NDR platforms (Darktrace or equivalent)
  • Familiarity with DLP tools and PHI/PII investigation workflows
  • Exposure to vulnerability management programs (Tenable.io or equivalent)
  • Experience building CI/CD-integrated security automation (GitHub Actions, Azure DevOps)
  • Familiarity with MISP or other threat intelligence platforms
  • Experience with identity governance platforms (Saviynt, CyberArk, or equivalent)
  • Exposure to AI/ML workload security or API security monitoring
  • Security certifications such as CompTIA Security+, CySA+, SC-200, GCIA, GCIH, GCED, or equivalent
  • A continuous learning mindset with interest in emerging threats, AI/agentic system risks, and evolving security technologies

Benefits

  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Short & Long Term Disability
  • Life Insurance
  • 401k with company match
  • Flexible Time Off
  • Paid Parental Leave