Engineering Manager – Security Operations

April 24, 2026
Application ends: July 23, 2026

Job Description

Key Responsibilities:

SOC Platform & Engineering Leadership:

– Lead engineering strategy, architecture, and lifecycle management of all SOC technologies.

– Oversee design and implementation of scalable logging, monitoring, and response platforms.

– Ensure platforms meet performance, resilience, availability, and operational readiness requirements.

– Drive long-term engineering roadmaps aligned to the enterprise security strategy.

Detection Engineering & Threat Analytics:

– Design and implement detection logic using attacker technique frameworks (e.g., MITRE ATT&CK).

– Develop behavioral, anomaly-based, and signature-based detections across identity, endpoint, email, cloud, and network domains.

– Perform detection tuning, baselining, and enrichment improvements to enhance fidelity.

– Lead threat analysis and build threat-informed use cases to strengthen coverage.

Telemetry, Data Engineering & Integration:

– Lead onboarding and engineering of telemetry sources across cloud, identity, endpoint, network, OT, and SaaS environments.

– Ensure data quality, schema consistency, normalization, and reliability in all pipelines.

– Apply engineering practices to improve log health, reduce noise, and enhance correlation capabilities.

Cross-Functional Collaboration:

– Work closely with SOC Operations to address detection gaps and engineering dependencies.

– Partner with Cloud, Identity, Network, and Architecture teams to enhance telemetry and controls.

– Engage with vendors and partners to support platform enhancements and roadmap alignment.

– Provide engineering insights to leadership during incident reviews and strategic discussions.

People Leadership & Capability Development:

– Lead, mentor, and grow SOC engineers, detection engineers, and automation specialists.

– Build structured development pathways focused on advanced engineering skills.

– Promote a culture of innovation, accountability, and technical excellence.

– Create succession plans and capability uplift programs for the team.

Detection Engineering:

– Strong hands-on experience building detections using:
  – Query-based analytics languages (e.g., KQL-like, SQL-like, pattern-matching engines)
  – Behavior-based and anomaly-based detection techniques
  – Threat modeling and MITRE ATT&CK mapping
  – Signal correlation, enrichment, and contextual analytics

– Ability to design detections for:
  – Endpoint behavioral anomalies
  – Identity misuse and lateral movement
  – Email threats (phishing, BEC, malware)
  – SaaS and cloud application misuse
  – Data exfiltration and DLP bypass patterns

Automation & Orchestration:

– Hands-on expertise with workflow automation technologies (SOAR-type systems).

– Ability to build automated remediation and containment actions.

– Experience with:
  – API integrations
  – JSON/YAML transformations
  – Event-driven triggers
  – Automated enrichment logic

– Ability to automate response actions across endpoints, identity systems, cloud environments, and collaboration platforms.

Telemetry & Data Engineering:

– Proficiency in engineering log pipelines across multiple domains:
  – Identity
  – Cloud
  – Endpoint
  – Email
  – Network
  – Application/SaaS

– Experience with schema design, parsing, normalization, and taxonomy alignment.

– Ability to perform telemetry quality assessments and implement improvements.

Scripting & Engineering Skills:

– Hands-on skills in:
  – PowerShell or Bash
  – Python (light to intermediate scripting)
  – Regular expressions
  – Git-based version control

– Experience building engineering automations, utilities, or integration scripts.

Security & Threat Expertise:

– Deep understanding of:
  – Attack lifecycles
  – Threat actor techniques
  – Identity compromise patterns
  – Endpoint exploitation behaviors
  – Cloud attack vectors

– Experience conducting threat-informed engineering improvements.

Architecture & Troubleshooting:

– Strong ability to analyze, architect, and optimize large security data platforms.

– Troubleshooting experience across distributed systems, log ingestion, automation failures, and detection pipelines.

Required Qualifications:

– Bachelor's degree in Cybersecurity, Engineering, Computer Science, or a related field.

– 8 to 12+ years of cybersecurity experience with significant time in SOC engineering or detection engineering.

– Demonstrated expertise leading technical engineering teams in enterprise environments.

– Strong communication skills and ability to translate technical concepts to leadership.

Preferred Qualifications:

– Professional certifications in security operations, cloud security, or architecture.

– Experience in global, hybrid cloud, or 24/7 operations environments.

– Proven ability to build high-performing engineering teams.
