Pennsylvania Staffing
Security Analyst / Engineer
Since our founding in 1901, Limbach's primary core value has always been simple: We Care. That commitment extends to our people, our customers, and the communities we serve-driving a culture of belonging across our industry. Limbach Company LLC, a subsidiary of Limbach Holdings, Inc., is a leading building systems solutions firm delivering mission-critical systems that support life's most important moments. We specialize in revitalizing and maintaining HVAC, mechanical, electrical, plumbing, and control systems within existing facilities-ensuring buildings are always ready to perform when it matters most. We partner with building owners and operators to safeguard reliability, efficiency, and comfort where it's needed most. Our vision is to create value for building owners targeting opportunities for long term relationships. Our purpose is to create great opportunities for people. The Benefits & Perks... Base salary range of $120K - $130K Full portfolio of medical, dental, and vision benefits, along with 401K plan and company match. HSA, FSA, and life insurance offerings. Maximize your professional development with our award-winning Learning & Engagement team. Engage in our "We Care" culture through our ERGs, brought to you by EMBRACE. Career pathing flexibility and mobility. Who You Are... As Security Analyst / Engineer, you will serve as the organization's primary, hands-on security operations lead. Reporting directly to the CIO, the candidate will triage SOC outputs, tune detection logic, drive automated response through SOAR playbooks, own the vulnerability management lifecycle, and lead incident response from detection through remediation and post-incident lessons learned. They act as a trusted partner to our outsourced SOC, the quarterback for IR, and the technical voice to the CIO and Board on operational security posture working closely with our IT Operations leader. This Position... Some examples of the work you might do includes: Security Operations & Monitoring: Serves as the primary liaison to our outsourced SOC and vCISO. Triage, validate, and prioritize alerts from SIEM (e.g., Google Chronicle, GrayMatter, or equivalent). Ensures log integrity, enrichment, and actionable alerting. SOAR & Automation: Builds, maintains, and iterates SOAR playbooks (Google SOAR or comparable) to automate containment, enrichment, and evidence collection; lowers MTTR by automating low-risk actions while preserving human judgment for high-impact events. Incident Response: Lead detection containment eradication recovery workflows. Owns post-incident reviews, creates remediation roadmaps, and tracks closure of corrective actions. Conducts regular tabletop exercises and maintains IR runbooks and escalation paths. EDR/MDR/XDR Management: Administers and tunes EDR/MDR/XDR platforms (deployment health, telemetry, detection rules, containment capabilities). Investigates endpoint events, performs root cause analysis, and coordinates remediation with IT operations. Vulnerability Management: Operates the vulnerability management program (Rapid7, Tenable.io, or equivalent): schedules scans, triages findings, prioritizes by risk and asset criticality, and shepherds remediation with engineering teams. Proposes and verifies system hardening measures and baselines. Detection Engineering: Authors correlation rules, analytic searches, and detection content; reduces false positives while increasing meaningful detections. Builds dashboards and KPIs that communicate detection coverage and efficacy. M&A & Integration Security: Leads security due diligence and integration activities for acquisitions: identities & accesses reviews, vulnerability scans, endpoint posture checks, and integration playbooks to onboard new entities into Limbach's security baselines. Training & Knowledge Transfer: Develops and delivers IR and detection training for IT and business teams. Produces clear operational documentation, SOPs, and playbooks. Coaches SOC engineers and champions continuous improvement. Reporting & Executive Communication: Produces monthly operational and executive risk reports (incidents, vulnerability trends, MTTR, coverage gaps). Briefs the CIO and Board with concise risk-based recommendations. Third-Party Coordination: Manages relationships and SLAs with MDR/MSSP/MDR providers, forensic firms, and other security partners. What You Need... 5+ years of progressive, hands-on cybersecurity experience, with significant time spent in SOC and incident response environments. Demonstrated expertise with SIEM and SOAR platforms (Google Chronicle, GrayMatter, Chronicle SOAR, or comparable). Proven track record managing EDR/MDR/XDR solutions and performing endpoint investigations. Hands-on experience owning vulnerability programs with Rapid7, Tenable.io, or similar tooling. Experience writing detection logic, playbooks, and incident runbooks; demonstrable success in alert tuning and automation. Real-world experience coordinating cross-functional incident response activities and driving remediation to completion. Scripting and automation skills (PowerShell, Python, Bash) to automate enrichment, containment, and evidence collection. Strong Windows and Linux administration/forensics fundamentals; network fundamentals and packet-level troubleshooting. Familiarity with cloud security (Azure, Microsoft 365, Intune, Conditional Access) and endpoint management tools. Knowledge of security controls, hardening standards, and configuration baselines. Ability to read and interpret logs and telemetry across endpoints, network devices, and cloud services. Superior written and verbal communication; able to explain technical findings to non-technical and executive audiences. Decisive under pressure, methodical in evidence collection, and disciplined in documentation. Collaborative, tactful, and experienced at working with cross-functional teams (IT ops, HR, Legal, vendor partners). Strong project management and organizational skills with an eye for measurable outcomes. Ability to travel up to 15% of the time.
Since our founding in 1901, Limbach's primary core value has always been simple: We Care. That commitment extends to our people, our customers, and the communities we serve-driving a culture of belonging across our industry. Limbach Company LLC, a subsidiary of Limbach Holdings, Inc., is a leading building systems solutions firm delivering mission-critical systems that support life's most important moments. We specialize in revitalizing and maintaining HVAC, mechanical, electrical, plumbing, and control systems within existing facilities-ensuring buildings are always ready to perform when it matters most. We partner with building owners and operators to safeguard reliability, efficiency, and comfort where it's needed most. Our vision is to create value for building owners targeting opportunities for long term relationships. Our purpose is to create great opportunities for people. The Benefits & Perks... Base salary range of $120K - $130K Full portfolio of medical, dental, and vision benefits, along with 401K plan and company match. HSA, FSA, and life insurance offerings. Maximize your professional development with our award-winning Learning & Engagement team. Engage in our "We Care" culture through our ERGs, brought to you by EMBRACE. Career pathing flexibility and mobility. Who You Are... As Security Analyst / Engineer, you will serve as the organization's primary, hands-on security operations lead. Reporting directly to the CIO, the candidate will triage SOC outputs, tune detection logic, drive automated response through SOAR playbooks, own the vulnerability management lifecycle, and lead incident response from detection through remediation and post-incident lessons learned. They act as a trusted partner to our outsourced SOC, the quarterback for IR, and the technical voice to the CIO and Board on operational security posture working closely with our IT Operations leader. This Position... Some examples of the work you might do includes: Security Operations & Monitoring: Serves as the primary liaison to our outsourced SOC and vCISO. Triage, validate, and prioritize alerts from SIEM (e.g., Google Chronicle, GrayMatter, or equivalent). Ensures log integrity, enrichment, and actionable alerting. SOAR & Automation: Builds, maintains, and iterates SOAR playbooks (Google SOAR or comparable) to automate containment, enrichment, and evidence collection; lowers MTTR by automating low-risk actions while preserving human judgment for high-impact events. Incident Response: Lead detection containment eradication recovery workflows. Owns post-incident reviews, creates remediation roadmaps, and tracks closure of corrective actions. Conducts regular tabletop exercises and maintains IR runbooks and escalation paths. EDR/MDR/XDR Management: Administers and tunes EDR/MDR/XDR platforms (deployment health, telemetry, detection rules, containment capabilities). Investigates endpoint events, performs root cause analysis, and coordinates remediation with IT operations. Vulnerability Management: Operates the vulnerability management program (Rapid7, Tenable.io, or equivalent): schedules scans, triages findings, prioritizes by risk and asset criticality, and shepherds remediation with engineering teams. Proposes and verifies system hardening measures and baselines. Detection Engineering: Authors correlation rules, analytic searches, and detection content; reduces false positives while increasing meaningful detections. Builds dashboards and KPIs that communicate detection coverage and efficacy. M&A & Integration Security: Leads security due diligence and integration activities for acquisitions: identities & accesses reviews, vulnerability scans, endpoint posture checks, and integration playbooks to onboard new entities into Limbach's security baselines. Training & Knowledge Transfer: Develops and delivers IR and detection training for IT and business teams. Produces clear operational documentation, SOPs, and playbooks. Coaches SOC engineers and champions continuous improvement. Reporting & Executive Communication: Produces monthly operational and executive risk reports (incidents, vulnerability trends, MTTR, coverage gaps). Briefs the CIO and Board with concise risk-based recommendations. Third-Party Coordination: Manages relationships and SLAs with MDR/MSSP/MDR providers, forensic firms, and other security partners. What You Need... 5+ years of progressive, hands-on cybersecurity experience, with significant time spent in SOC and incident response environments. Demonstrated expertise with SIEM and SOAR platforms (Google Chronicle, GrayMatter, Chronicle SOAR, or comparable). Proven track record managing EDR/MDR/XDR solutions and performing endpoint investigations. Hands-on experience owning vulnerability programs with Rapid7, Tenable.io, or similar tooling. Experience writing detection logic, playbooks, and incident runbooks; demonstrable success in alert tuning and automation. Real-world experience coordinating cross-functional incident response activities and driving remediation to completion. Scripting and automation skills (PowerShell, Python, Bash) to automate enrichment, containment, and evidence collection. Strong Windows and Linux administration/forensics fundamentals; network fundamentals and packet-level troubleshooting. Familiarity with cloud security (Azure, Microsoft 365, Intune, Conditional Access) and endpoint management tools. Knowledge of security controls, hardening standards, and configuration baselines. Ability to read and interpret logs and telemetry across endpoints, network devices, and cloud services. Superior written and verbal communication; able to explain technical findings to non-technical and executive audiences. Decisive under pressure, methodical in evidence collection, and disciplined in documentation. Collaborative, tactful, and experienced at working with cross-functional teams (IT ops, HR, Legal, vendor partners). Strong project management and organizational skills with an eye for measurable outcomes. Ability to travel up to 15% of the time.