Lead Security Engineer

at SolarWinds

Austin, Texas

Req ID: 202468

At SolarWinds, we’re a people-first company. Our purpose is to enrich the lives of the people we serve—including our employees, customers, shareholders, partners, and communities. Join us in our mission to help customers accelerate business transformation with simple, powerful, and secure solutions.

The ideal candidate thrives in an innovative, fast-paced environment and is collaborative, accountable, ready, and empathetic. We’re looking for individuals who believe they can accomplish more as a team and create lasting growth for themselves and others. We hire based on attitude, competency, and commitment. Solarians are ready to advance our world-class solutions in a fast-paced environment and accept the challenge to lead with purpose. If you’re looking to build your career with an exceptional team, you’ve come to the right place. Join SolarWinds and grow with us!

Role Overview

We are seeking a Lead SOC Engineer to serve as a key technical resource within our security operations. This role is responsible for managing complex incident response investigations, overseeing the technical output of our MSSP, and addressing vulnerabilities across our infrastructure and software supply chain.
The ideal candidate will provide deep technical expertise during security events and act as a consultant to our Engineering teams to ensure a secure development lifecycle.

Core Responsibilities

1. Digital Forensics & Incident Response (CSIRT)

  • Investigation Lead: Conduct end-to-end forensic analysis (host, network, and memory) for high-priority security incidents.
  • Root Cause Analysis: Perform deep-dive assessments to identify attack vectors and provide actionable recommendations to prevent recurrence.
  • MSSP Oversight: Act as the primary technical point of contact for our MSSP, reviewing escalated alerts for accuracy and ensuring forensic readiness.

2. Software Supply Chain & Product Security

  • CI/CD Integration: Work with Engineering and DevOps to identify and mitigate risks within build pipelines and the software development lifecycle (SDLC).
  • Vulnerability Consultation: Translate technical vulnerabilities (SCA, SAST/DAST, and OWASP Top 10) into remediation steps for development teams.
  • Cloud & Container Security: Assess and secure containerized workloads (Kubernetes/Docker) and cloud-native services in AWS/Azure.

3. Operational Leadership & Metrics

  • Performance Tracking: Define and monitor SOC KPIs (MTTD, MTTR, and False Positive rates) to drive continuous improvement for both internal and managed services.
  • Playbook Development: Create and maintain technical incident response playbooks and security policies that reflect the current threat landscape.
  • Automation: Utilize Python or PowerShell to automate manual workflows and improve integration between security tools.

Technical Requirements

  • Incident Response: Extensive experience with SIEM (Sentinel/Splunk/Google SecOps), EDR (CrowdStrike/SentinelOne/Defender), and forensic toolsets (Magnet, EnCase, or similar).
  • Vulnerability Management: Advanced knowledge of enterprise scanners (Tenable/Qualys) and experience managing vulnerabilities in a CI/CD environment.
  • Cloud Infrastructure: Technical proficiency in AWS or Azure security architectures.
  • Communication: Ability to communicate technical risk clearly to both IT administrators and software engineers.

Preferred Certifications

  • Incident Response: GIAC Certified Forensic Analyst (GCFA) or GIAC Certified Incident Handler (GCIH).
  • Cloud Security: CCSP, AZ-500, or AWS Certified Security – Specialty.
  • General: CISSP or CISM.

What We Are Looking For

  • A professional who prioritizes thorough investigation and root-cause identification over quick ticket closure.
  • A collaborator who can partner effectively with Software Engineering to improve product security posture.
  • A mentor who can utilize metrics and data to optimize security operations and vendor performance.

SolarWinds is an Equal Employment Opportunity Employer. SolarWinds will consider all qualified applicants for employment without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity, marital status, disability, veteran status or any other characteristic protected by law.

All applications are treated in accordance with the SolarWinds Privacy Notice: https://www.solarwinds.com/applicant-privacy-notice