Jobs · Legal

Senior Security Operations Engineer

Dispel · United States · 3 mo ago
RemoteRemoteLegalFull-time

About the role

Dispel is the fastest-growing cybersecurity company recognized in the 2025 Cybersecurity Excellence Awards. We deliver zero trust secure remote access and real-time data streaming for operational technology (OT) and industrial control systems (ICS).

Responsibilities

  • Own the log ingestion pipeline end-to-end: identify gaps, build feeds, validate parsing, maintain coverage dashboards
  • Close the federal logging gap and stand up commercial logging across AWS, Azure, Entra ID, and SaaS
  • Activate and configure SecOps SOAR capabilities including Domain-Wide Delegation, marketplace integrations, and bidirectional response actions
  • Build and maintain SOAR playbooks for major incident types such as phishing, malware, account compromise, lateral movement, and cloud-specific threats
  • Develop and maintain operational dashboards for SOC metrics, alert volumes, MTTA/MTTR, and coverage status
  • Manage Google SecOps RBAC
  • Build and deploy production detection rules mapped to MITRE ATT&CK within the first year
  • Establish a detection lifecycle including proposal, testing, deployment, tuning, and retirement
  • Conduct quarterly detection quality reviews to measure false positive rates, coverage gaps, and rule health
  • Develop alert threshold optimization to reduce noise and analyst fatigue
  • Drive SentinelOne deployment across Azure VMs in commercial environments and all federal endpoints
  • Configure and operationalize Cloud Funnel for log export into Google SecOps
  • Build correlation rules between EDR alerts and SIEM detections
  • Manage SentinelOne RBAC groups and policy configuration
  • Coordinate with IT on agent deployment, health monitoring, and version management
  • Improve MTTA and MTTR through process optimization, better tooling, and analyst development
  • Lead quarterly tabletop exercises and after-action reviews
  • Maintain and improve incident response runbooks for all major incident categories
  • Integrate incident response workflows with Jira Service Management for tracking and escalation
  • MSSP Oversight
  • Serve as primary technical interface with MSSP partner for 24/7 SOC coverage
  • Define and hold the MSSP accountable to SLAs, alert quality, and escalation procedures
  • Review MSSP deliverables such as dashboards, reports, and playbooks for quality and completeness
  • Manage the transition from the previous MSSP and ensure no coverage gaps
  • Provide day-to-day technical direction to SOC analysts by setting priorities, assigning tasks, and reviewing work products
  • Ensure incident response reports, playbooks, and dashboards meet quality standards before delivery to leadership or external stakeholders
  • Drive OKR execution for SOC-related objectives including logging coverage, detection counts, incident response metrics, and vulnerability SLA compliance
  • Identify skill gaps and development opportunities for junior analysts
  • Establish and enforce SOC processes that are documented, repeatable, and auditable

Qualifications

  • 6+ years of experience in security operations, detection engineering, or SIEM/SOAR engineering
  • Hands-on experience with Google SecOps (Chronicle) or equivalent enterprise SIEM such as Splunk, Sentinel, or QRadar, with Chronicle strongly preferred
  • Production experience with SentinelOne, CrowdStrike, or a comparable EDR platform
  • Deep knowledge of AWS security services including GuardDuty, Security Hub, Inspector, CloudTrail, WAF, and Config
  • Experience building detection rules mapped to the MITRE ATT&CK framework
  • SOAR playbook development and automation experience
  • Demonstrated ability to lead without formal authority by setting direction for peers or junior analysts
  • Strong incident response skills with experience writing complete reports for executive and external audiences
  • Understanding of NIST 800-53 controls, particularly Audit, System Integrity, and Incident Response families
  • Excellent written communication skills

Preferred Qualifications

  • Experience with Google SecOps (Chronicle), SentinelOne, or similar SIEM/SOAR platforms; certifications are a plus
  • Experience working in a FedRAMP High environment such as AWS GovCloud Azure security experience including Defender for Cloud, Entra ID, Log Analytics, and Event Hubs
  • Experience managing MSSP relationships and enforcing SLAs
  • Background in OT/ICS security monitoring
  • Experience with vulnerability management tools such as Nessus, Inspector, or Defender
  • Previous experience in a startup or high-growth environment building SOC capabilities from early stages

Benefits

  • 136K-155K base + equity and performance bonus eligible, depending on experience and location
  • Full medical, vision, and dental insurance
  • Generous PTO
  • Remote-first culture with flexible hours
  • Opportunity to protect critical infrastructure at scale
  • Work with patented, cutting-edge security technology
  • Direct ownership of SOC maturation
  • Collaborative team with military, federal, and private sector expertise
  • Security Clearance Due to federal customer and FedRAMP requirements, this role requires US Person status (citizen or permanent resident) under ITAR/EAR regulations
  • Able to obtain and maintain a security clearance preferred

Similar jobs