Cybersecurity Operations Engineer
Lanteris Space Systems · Palo Alto, CA · 1 wk ago
Information Technology$124k–$206k/yrFull-time
About the role
The ideal candidate will be responsible for hands-on security operations, endpoint protection management, security tool administration, and incident response. This role can be based in Palo Alto, CA, Houston, TX or also remotely in the US.
Responsibilities
- SOC Coordination & Incident Management
- Act as liaison with our Managed Security Service Provider (MSSP), reviewing Tier 1/2 alert summaries, validating findings with organizational context, and facilitating escalations for hands-on resolution
- Conduct real-time troubleshooting, log analysis, endpoint forensics, and containment actions on internal systems using tools like MS Defender, Wiz, and Tenable
- Participate in incident response activities, ensuring timely communication with stakeholders and proper documentation of security events
- Cook up incident response activities across cross-functional teams, ensuring timely containment, eradication, and recovery actions align with organizational priorities and compliance requirements
- Endpoint Security & Tool Administration
- Support our endpoint security solutions, including EDR (Endpoint Detection & Response) solutions across the enterprise
- Maintain operational access to security tools for investigation and response purposes (not responsible for development, architecture, or tuning of SOC tools)
- Perform regular health checks, updates, and optimization of security agents to ensure maximum coverage and performance across all organizational assets
- Develop and maintain documentation for security agent configurations, deployment procedures, and troubleshooting workflows to support operational continuity
- Continuous Improvement & Strategic Activities
- Participate in post-incident reviews and root cause analysis, documenting lessons learned to enhance response playbooks aligned with NIST 800-171/CMMC requirements
- Contribute to the refinement of MSSP SLAs, escalation procedures, and operational runbooks
- Generate compliance reports, executive briefings, and threat intelligence summaries for leadership and cross-functional teams (IT, Legal, Governance, Program Security)
- Monitor and report on MSSP performance metrics, contributing to quarterly vendor reviews and integrating findings into risk management workflows
- Identify gaps in security coverage and recommend process improvements
- Participate in tabletop exercises and security drills to validate response capabilities
- Collaboration & Knowledge Sharing
- Integrate security findings into enterprise risk management workflows
- Serve as security subject matter expert for internal projects and initiatives
- Maintain currency with emerging threats, vulnerabilities, and security technologies relevant to the aerospace/defense sector
Qualifications
- Must be a US Citizen with the ability to obtain a US Government security clearance
- Bachelor's Degree in the following area(s): Cybersecurity, Information Technology, Computer Science, or related field, four additional years of experience can be substituted for a degree
- Eight years of hands-on experience in cybersecurity operations, incident response, or security engineering roles
- Experience with endpoint protection platforms
- Experience with cloud security concepts and tools (Wiz, AWS security services, or similar)
- Experience with SIEM platforms, log analysis, and security event correlation
- Experience with NIST 800-171, CMMC, and DFARS cybersecurity requirements
Preferred Qualifications
- Professional certifications such as CISSP, GCIH, GCFA, or CEH
- Experience operating in aerospace, defense, or DoD/CMMC regulated environments
- Scripting/automation skills (PowerShell, Python) for security operations tasks
- Strong collaboration skills and ability to work effectively with cross-functional teams during complex security incidents
- Experience with the M365 Security stack (Defender, Sentinel, MDC, Purview)
- Experience with Tenable One
- Experience with centralized enterprise logging
- Experience with network security, including IDS/IPS, firewalls, and security architecture