Sr. Cybersecurity Engineer (SOC/Threat & Incident Detection)

Job Title: Sr. Cybersecurity Engineer (SOC/Threat & Incident Detection)

Duration: 6+ Months

Location: Cambridge, MA

Client needs only Permanent Residents / Visa Independent consultants for this role.

 Required Skills & Experience:

• 12+ years in cybersecurity / SOC / threat detection roles
• Experience in L2/L3 SOC or Security Operations leadership.

 Technical Skills:

• Strong hands-on expertise in:
• SIEM: Sentinel / Splunk / QRadar
• EDR/XDR tools
• Threat hunting & incident response
• Deep understanding of:
• MITRE ATT&CK
• Threat vectors, malware behavior, attack techniques
• Experience with:
• Log analysis, detection engineering, and correlation rules
• Security automation (SOAR)

 Cloud & DevSecOps

• Experience securing AWS/Azure environments
• Familiarity with:
• CI/CD security (GitHub, GitLab, Jenkins)
• IaC security (Terraform, CloudFormation)
• Policy-as-code (OPA, Checkov)

Threat Detection & Incident Response

• Lead end-to-end investigation of complex security incidents (malware, phishing, lateral movement, cloud compromise)
• Perform advanced threat hunting using SIEM, EDR, and cloud telemetry
• Conduct deep forensic analysis (endpoint, network, logs, email headers)

Detection Engineering & SOC Optimization

• Design and implement high-fidelity detection rules and use cases
• Develop and enhance SOC playbooks aligned with MITRE ATT&CK

Security Tooling & Platforms

• Lead implementation and optimization of:
• SIEM: Microsoft Sentinel / Splunk / QRadar
• EDR/XDR: Defender, CrowdStrike, SentinelOne
• Email Security: Proofpoint, Mimecast, Defender for Office
• WAF & Network Security tools
• Manage integrations across multi-vendor security stack

Automation & SOAR

• Develop automation playbooks (SOAR) for triage, enrichment, and response

Cloud Security & DevSecOps

• Monitor and secure cloud environments (AWS/Azure)
• Implement logging and detection using:
• CloudTrail, VPC Flow Logs, Defender, Sentinel
• Drive DevSecOps practices (SAST, DAST, IaC scanning, policy-as-code)

Risk, Compliance & Governance

• Perform vulnerability assessments and risk analysis
• Ensure alignment with frameworks:
• NIST, CIS Benchmarks, GDPR, PCI-DSS

Nice to Have

• Experience with:
• Email security platforms (Proofpoint, Mimecast)
• WAF/CDN (Akamai, Cloudflare)
• Threat intelligence platforms

Certifications (Preferred)

• CISM / CISSP
• CEH / CHFI
• Vendor certifications (Microsoft Sentinel, QRadar, Splunk)