Cyber Security Engineer

Job Description

Location: Houston, TX

Type: Full-Time

Department: Information Security

Reports to: Security Engineering Manager / CISO

The Role

We re hiring a Cyber Security Engineer who builds, hardens, and defends the digital fortress. You ll design and deploy security controls, automate threat detection, hunt anomalies, and respond to incidents all while keeping the business running at full speed. If you think like an attacker, code like a defender, and live for the kill chain, this is your battlefield.

What You ll Do

Core Responsibilities

• Engineer security controls: EDR/XDR, SIEM rules, WAF, DLP, CASB, IAM policies.
• Deploy and tune detection: Splunk, Elastic, Microsoft Sentinel, CrowdStrike, Defender.
• Automate defense: SOAR playbooks (Phantom, Cortex XSOAR), Python scripts, infrastructure-as-code security.
• Conduct threat hunting: Hypothesis-driven queries, UEBA, memory forensics, network telemetry.
• Respond to incidents: Containment, eradication, recovery, forensics, post-mortems.
• Harden systems: CIS/STIG benchmarks, patch management, secure baselines, zero-trust microsegmentation.
• Secure cloud environments: AWS GuardDuty, Azure Security Center, Google Cloud Platform Security Command Center, CSPM.
• Run vulnerability management: Scanning (Qualys, Tenable), risk prioritization, remediation tracking.
• Support compliance: SOC2, ISO27001, NIST CSF, PCI-DSS evidence, audits, control mapping.
• Participate in red/blue/purple team exercises and penetration test remediation.

What You Bring

Must-Have

• 4+ years in cybersecurity engineering, SOC, or SecOps.
• Hands-on SIEM: Splunk SPL, Elastic KQL, or Microsoft Kusto writing detections, not just dashboards.
• EDR mastery: CrowdStrike Falcon, Microsoft Defender, SentinelOne response workflows.
• Scripting/automation: Python (boto3, requests), PowerShell, Bash, regex ninja.
• Cloud security: AWS (Security Hub, Macie), Azure (Defender for Cloud), IAM/SCIM.
• Networking & OS internals: TCP/IP stack, Windows/Linux privilege models, sysmon, auditd.
• Incident response lifecycle: You ve contained ransomware and preserved evidence.
• One of: CISSP, GCIH, GCFA, GNFA, CCSP, or AWS Security Specialty.

Nice-to-Have

• SOAR development (playbooks, integrations, API orchestration).
• Threat intel platforms: MISP, OpenCTI, Recorded Future.
• Container security: Docker, Kubernetes, Falco, Aqua, Sysdig.
• Reverse engineering or malware analysis (IDA, Ghidra, Volatility).
• SASE/ZTNA: Palo Alto Prisma, Zscaler, Netskope.
• Certifications: OSCP, CCSP, GREM, EnCE.

Tech Stack

• Detection: Splunk ES, Elastic Security, Microsoft Sentinel
• EDR/XDR: CrowdStrike, Defender for Endpoint, SentinelOne
• Cloud: AWS (GuardDuty, Inspector), Azure (Security Center), Google Cloud Platform SCC
• Automation: Cortex XSOAR, Ansible, Terraform (secure modules)
• Vuln Mgmt: Tenable.io, Qualys VMDR
• Network: Palo Alto NGFW, Zeek, Suricata
• Forensics: Autopsy, Volatility, Velociraptor
• Identity: Okta, Azure AD, PingFederate