Vaco is partnering with a nationally recognized retail organization to build out its Security Operations Center as part of a broader cybersecurity maturity initiative. This team supports enterprise security across corporate systems, retail operations, and cloud-heavy environments.
These contract roles will sit within a growing SOC organization focused on strengthening detection, response, vulnerability management, and data protection capabilities. The environment includes MDR, EDR, SIEM, SOAR automation, vulnerability management tooling, and DLP programs aligned to frameworks such as NIST and CIS.
This position is based in Tempe, Arizona and requires in-office presence Monday through Thursday. Fridays are optional remote days.
Level will be determined based on experience. Opportunities to extend and/or convert are on the table as well. This role is not open for C2C engagements.
What You’ll Be Doing
Monitor security events and alerts across SIEM, MDR, and EDR platforms
Investigate, triage, and escalate security incidents in accordance with established playbooks
Support incident response activities including containment, eradication, and recovery efforts
Document findings and contribute to post-incident reviews and lessons learned exercises
Assist with vulnerability management efforts including validation, prioritization, and remediation tracking
Partner with infrastructure and application teams to support timely patching and risk mitigation
Contribute to DLP monitoring and investigation of potential data exfiltration events
Participate in SOC workflow refinement and continuous improvement initiatives
Support the development and tuning of detection rules and automation within SOAR platforms
Maintain accurate case documentation and metrics for reporting and compliance alignment
Required Experience
L1 Expectations
1+ years of experience in a SOC, incident response, or cybersecurity operations role
Hands-on experience working with SIEM platforms and alert triage
Familiarity with EDR and endpoint security tools
Understanding of common attack vectors and incident response fundamentals
Strong documentation and communication skills
L2 Expectations
3+ years of cybersecurity operations experience
Proven experience handling complex investigations independently
Experience tuning detection rules and improving alert fidelity
Strong understanding of vulnerability management processes
Familiarity with SOAR automation workflows
Experience operating in cloud-based environments such as AWS, Azure, or Google Cloud Platform
For both levels:
Working knowledge of frameworks such as NIST, CIS Controls, PCI, SOX, or CCPA
Ability to operate effectively during high-pressure, time-sensitive incidents
Strong analytical and critical thinking skills
Nice to Have
Experience in SaaS-heavy or multi-cloud environments
Exposure to DLP tools and data classification programs
Scripting experience in Python, PowerShell, or similar
Industry certifications such as Security+, CySA+, GCIH, or similar
Determining compensation for this role (and others) at Vaco/Highspring depends upon a wide array of factors including but not limited to the individual’s skill sets, experience and training, licensure and certifications, office location and other geographic considerations, as well as other business and organizational needs. With that said, as required by local law in geographies that require salary range disclosure, Vaco/Highspring notes that the salary range for the role is stated in this job posting. The individual may also be eligible for discretionary bonuses, and can participate in medical, dental, and vision benefits as well as the company’s 401(k) retirement plan.
Additional disclaimer: Unless otherwise noted in the job description, the position Vaco/Highspring is filling is occupied. Please note, however, that Vaco/Highspring is regularly asked to provide talent to other organizations. By submitting to this position, you are agreeing to be included in our talent pool for future hiring for similarly qualified positions. Submissions to this position are subject to the use of AI to perform preliminary candidate screenings, focused on ensuring minimum job requirements noted in the position are satisfied. Further assessment of candidates beyond this initial phase within Vaco/Highspring will be performed by recruiters and hiring managers. Vaco/Highspring does not have knowledge of the tools used by its clients in making final hiring decisions and cannot opine on their use of AI products.