SOAR Security Engineer - Rockville, MD

Rockville, MD, United States
Job description

Senior SOC Engineer (Detection Engineering & Automation)

About The Role
Our Security Operations Center is evolving from foundational capabilities into a mature, comprehensive security operations program. We need an experienced SOC engineer who has been part of a top-tier SOC and can provide technical vision and leadership to guide our detection engineering and automation efforts.

This role focuses on building robust detection capabilities, automating security responses, and creating the frameworks that enable our SOC analysts to effectively identify and respond to threats. You will work closely with our threat intelligence and hunting teams to translate security research into actionable detections and automated responses.

Key Responsibilities

Detection Engineering

  • Design and implement comprehensive detection use cases aligned with the MITRE ATT&CK framework
  • Conduct gap analysis of current detection coverage and develop a roadmap to address the gaps
  • Build and tune correlation searches, alerts, and detection logic in Splunk Enterprise Security
  • Implement Risk-Based Alerting (RBA) methodologies to improve signal-to-noise ratio
  • Develop detection strategies for multi-cloud environments (AWS, GCP, Azure)
  • Continuously evaluate and improve detection effectiveness based on SOC feedback

Security Automation & Orchestration

  • Design and implement automated response playbooks using Splunk SOAR
  • Build integrations between security tools to enable automated investigation and response workflows
  • Develop scripts and automation (Python, Bash, PowerShell) to streamline SOC operations
  • Create reusable automation frameworks that scale across multiple use cases
  • Collaborate with platform engineering to ensure reliable automation infrastructure

SOC Architecture & Vision

  • Define what a mature SOC capability looks like using Splunk ES, SOAR, and supporting tools
  • Identify gaps and shortcomings in current SOC implementation and provide clear remediation guidance
  • Establish best practices, standards, and frameworks for detection engineering and response
  • Mentor platform engineering team on SOC-specific requirements and approaches
  • Contribute to long-term SOC strategy and capability development

Cross-Functional Collaboration

  • Partner with threat intelligence and threat hunting teams to operationalize research into detections
  • Work with SOC analysts to understand investigation workflows and improve detection quality
  • Collaborate with platform engineering teams to implement and maintain SOC infrastructure
  • Participate in incident response activities to validate and refine detection and automation capabilities
  • Document detection logic, playbooks, and technical architectures

Required Qualifications

  • SOC Experience: 5+ years in a Security Operations Center environment with exposure to mature SOC operations and best practices
  • SIEM Expertise: Hands-on experience with Splunk Enterprise Security or comparable enterprise SIEM platforms (building correlation searches, alerts, dashboards, and ES-specific frameworks)
  • Detection Engineering: Proven experience developing security detections, use cases, and alert tuning methodologies
  • MITRE ATT&CK Framework: Practical application of MITRE ATT&CK for detection coverage mapping and gap analysis
  • Security Automation: Experience building automated response workflows and playbooks (SOAR platforms preferred)
  • Scripting: Strong proficiency in Python, PowerShell, or Bash for automation and integration development
  • Cloud Security: Understanding of cloud security monitoring and detection across AWS, GCP, and Azure environments
  • Analytical Mindset: Ability to identify gaps, define a clear vision for improvement, and guide teams toward maturity

Preferred Qualifications

  • Splunk SOAR (Phantom) hands-on experience
  • Splunk UEBA or behavioral analytics platform experience
  • Risk-Based Alerting (RBA) implementation experience
  • Threat hunting background with detection engineering application
  • Infrastructure automation and CI/CD pipeline knowledge
  • Experience mentoring or leading detection engineering teams
  • Relevant certifications (GIAC, CISSP, or similar)

Team Structure & Growth Opportunity

This position reports to the Director of Security Platform Engineering and serves as a senior individual contributor with potential to transition into a technical lead role as the SOC engineering team expands. You will collaborate closely with SOC analysts, threat intelligence teams, threat hunters, and platform engineering teams.

The role offers the opportunity to shape SOC capabilities, establish engineering standards, and build a world-class detection and response program using industry-leading tools.

This is a senior-level position requiring demonstrated experience in mature SOC environments and the ability to provide technical vision and mentorship.

Dice
