Senior Security Operations Engineer

Role Overview

Senior Security Operations Engineer (hands-on, SOC operations leadership). Dispel’s SOC is built on Google SecOps (Chronicle) and SentinelOne, and this role will take it from “stood up” to operationally mature. You’ll own the log ingestion pipeline end-to-end, expand detection and coverage across federal and commercial environments, and provide senior technical direction to existing SOC analysts.

Responsibilities

SIEM/SOAR Operations (Google SecOps)

• Own the log ingestion pipeline end-to-end: identify gaps, build feeds, validate parsing, and maintain coverage dashboards.
• Close the federal logging gap and stand up commercial logging across AWS, Azure, Entra ID, and SaaS.
• Activate and configure SecOps SOAR capabilities (e.g., Domain-Wide Delegation, marketplace integrations, bidirectional response actions).
• Build and maintain SOAR playbooks for incident types including phishing, malware, account compromise, lateral movement, and cloud threats.
• Develop and maintain SOC operational dashboards (metrics, alert volumes, MTTA/MTTR, coverage).

Google SecOps Detection Engineering

• Manage RBAC and build production detection rules mapped to MITRE ATT&CK within the first year.
• Develop custom parsers for AWS-native services: GuardDuty, Security Hub, Inspector, WAF, CloudTrail, VPC Flow Logs.
• Define the detection lifecycle: proposal → testing → deployment → tuning → retirement.
• Run quarterly detection quality reviews (false positives, coverage gaps, rule health).
• Optimize alert thresholds to reduce noise and analyst fatigue.

Endpoint Detection & Response (SentinelOne)

• Drive SentinelOne deployment across Azure VMs (commercial) and federal endpoints.
• Configure and operationalize Cloud Funnel for exporting logs into Google SecOps.
• Build correlation between EDR alerts and SIEM detections.
• Manage SentinelOne RBAC and policy configuration.
• Coordinate with IT on agent deployment, health monitoring, and version management.

Incident Response

• Act as senior escalation point; ensure investigations include root cause, remediation actions, credential rotation plans, and follow-up timelines.
• Improve MTTA/MTTR via process optimization, better tooling, and analyst development.
• Lead quarterly tabletop exercises and after-action reviews.
• Maintain and improve incident response runbooks.
• Integrate incident response workflows with Jira Service Management for tracking and escalation.

Vulnerability Management

• Operationalize monthly scanning cadence using Nessus, AWS Inspector, and Azure Defender.
• Enforce remediation SLAs by severity: Critical (72 hours), High (7 days), Medium (30 days).
• Build consolidated vulnerability dashboards in Google SecOps (and track SLA compliance).