Senior Cybersecurity SOC Engineer

Overview

Remote
Depends on Experience
Contract - W2
Contract - Independent
Contract - 12 Month(s)

Skills

crowdstrike
sentinel
kql
azure
python

Job Details

Role: Senior Cybersecurity SOC Engineer
Location: Santa Clara, CA (Onsite)
Employment Type: Full-Time
Summary: The Client is seeking an elite Senior Cybersecurity SOC Engineer: a hands-on security expert with deep technical knowledge, real-world experience, and a passion for building, defending, and continuously maturing SOC capabilities. This role will report directly to the SecOps Leader within the Cybersecurity organization and requires an individual who thrives in a collaborative environment and is an absolute team player. You will lead threat detection, incident response, automation, and advanced investigations across a modern enterprise environment. If you're a true expert in Microsoft Sentinel, CrowdStrike, MDE, SOAR, MITRE ATT&CK, APTs, and scripting, this is your arena.
Key Responsibilities:
  • Design, build, and mature the SOC program, including SIEM/SOAR architecture, detection engineering, threat hunting frameworks, and response procedures.
  • Develop and maintain a robust Incident Response (IR) program and playbooks, ensuring readiness for APTs, ransomware, insider threats, and complex attacks.
  • Lead deep-dive investigations into high-fidelity alerts, threat intelligence feeds, and anomalous behavior using:
    • CrowdStrike Falcon EDR leveraging IOCs, IOAs, and Real Time Response (RTR) for threat containment.
    • Microsoft Defender for Endpoint (MDE) for endpoint telemetry and lateral movement analysis.
    • Tenable to correlate vulnerabilities with active threat activity.
    • Fortinet and Palo Alto Firewalls for forensic packet tracing and network-layer containment.
  • Azure Cloud Security: perform cloud security investigations to detect and mitigate threats within Azure environments, including Azure Security Center and Azure Sentinel.
  • M365 Cloud Security: secure and investigate Microsoft 365 environments, including threat detection and response using Microsoft Defender for Office 365 and Identity Protection.
  • Expert proactive threat hunting based on TTPs mapped to the MITRE ATT&CK framework, enriching detection and reducing dwell time.
  • Conduct APT analysis, malware reverse investigation, and backdoor assessments, eradicating persistence and uncovering hidden footholds.
  • Enhance identity threat defense with Microsoft Entra ID (Azure AD), including SSO, Conditional Access, and Adaptive MFA.
  • Integrate and automate threat response via Microsoft Sentinel SOAR and Palo Alto XSOAR, driving fast, consistent, and auditable security outcomes.
  • Develop advanced detections, hunting queries, and automation scripts using:
    • KQL (for Sentinel & MDE telemetry)
    • Python (for enrichment, orchestration, and threat data parsing)
    • PowerShell (for incident response and remediation scripting)
  • Perform dark web monitoring and analysis, transforming raw intelligence into actionable insights for executive briefings and threat modeling.
  • Serve as a technical mentor and escalation point within the SOC, supporting and guiding junior analysts and engineers.
  • Collaborate closely with our managed SOC partner (MSOC) and other external entities to enhance threat intelligence and coordinate a seamless response.
  • Foster a collaborative, supportive, and high-performance team environment, ensuring knowledge sharing, skill development, and shared ownership of security outcomes.
Required Experience & Expertise:
  • 7+ years in hands-on cybersecurity roles, with proven experience in SOC, IR, threat hunting, and security engineering.
  • Deep, hands-on expertise in:
    • Microsoft Sentinel (SIEM & SOAR), KQL Queries
    • CrowdStrike Falcon EDR (including RTR, IOAs, and detection tuning)
    • Microsoft Defender for Endpoint (MDE)
    • Tenable, and Fortinet and Palo Alto firewall security
    • Microsoft Entra ID (Azure AD), SSO, and MFA/Conditional Access
  • Advanced understanding and operational use of the MITRE ATT&CK framework, including mapping detections, performing gap analysis, and simulating adversary behavior.
  • Deep knowledge and hands-on experience analyzing and responding to:
    • Advanced Persistent Threats (APTs)
    • Persistence mechanisms and backdoors
    • Privilege escalation and lateral movement
    • Command and Control (C2) and exfiltration tactics
  • Proven scripting capability in KQL, Python, and PowerShell for automation, data enrichment, and detection logic.
  • Experience integrating and tuning SOAR/XSOAR platforms in complex enterprise environments.
  • Strong team collaboration, communication, and mentoring skills; a genuine team player and leader-by-example.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.