Security Operations Engineer

Job Summary

The Security Operations Engineer is responsible for the health, governance, and monitoring of the organization s identity infrastructure and digital perimeter. This role balances proactive hygiene such as Active Directory cleanup and MFA enforcement with reactive incident response and vulnerability management. You will act as a guardian of the "Least Privilege" model, ensuring that identities are secure, systems are monitored via Splunk, and emerging threats are mitigated through continuous auditing and the use of advanced tools like BloodHound and CrowdStrike.

Revised Job Description: Security Operations Engineer

Role Overview

We are looking for a detail-oriented Security Operations Engineer to join our collaborative Cyber Security team. This role is ideal for a professional who thrives on technical discipline and clear documentation. You will focus on three critical pillars: Identity Governance, Threat Detection, and Vulnerability Remediation. By auditing user privileges and enhancing our monitoring capabilities, you will play a vital role in reducing our organization's attack surface.

Key Responsibilities

1. Identity & Access Governance

• Active Directory Hygiene: Conduct regular health checks to disable stale accounts, resolve password expirations, and clean up duplicate credentials in Azure AD.
• Privilege Management: Enforce the "Least Privilege" model by auditing service accounts and removing unnecessary local administrative rights across the enterprise.
• Authentication & Scope: Verify Duo MFA enforcement for high-risk accounts and ensure environment isolation (preventing Dev/Test credentials from accessing Production).

2. Security Monitoring & Incident Response

• SIEM Optimization: Develop and refine detection use cases within Splunk to improve threat visibility.
• Alert Response: Investigate and remediate alerts from EDR, network anomaly detection, and identity protection tools (e.g., CrowdStrike, ExtraHop, Canary).
• Operational Readiness: Build and maintain high-quality runbooks, response templates, and knowledge articles to standardize incident handling.

3. Vulnerability & Threat Management

• AD Security: Utilize specialized tools like BloodHound and PingCastle to map and close attack paths within Active Directory.
• Threat Intelligence: Research emerging attack vectors and integrate third-party threat intel to proactively secure the environment.
• App Remediation: Identify unsupported or vulnerable applications and coordinate with stakeholders for patching or decommissioning.

Required Qualifications

• Education: Bachelor s degree in Computer Science, Systems Engineering, or a related technical field.
• Experience: 1 3 years in Information Security (4+ years preferred), with experience in both On-premise and AWS environments.
• Technical Proficiency: * Hands-on experience with Active Directory (group structures and lifecycle management).
• Familiarity with SOC tools: EDR (Carbon Black/CrowdStrike), Web Proxies, and SIEM (Splunk).
• Strong understanding of network protocols and troubleshooting.
• Soft Skills: Exceptional written communication for creating process documentation and runbooks; strong analytical thinking for resolving complex security incidents.

Preferred Skills & Certifications

• Certifications: CompTIA Security+, GSEC, or CEH.
• Frameworks: Knowledge of ITIL processes and ServiceNow.
• Technical Pluses: Experience with Oracle Databases, Network Firewalls, or tools like Varonis, Imperva, and Forescout.