Cyber Security Engineer
Location: Houston, TX
Type: Full-Time
Department: Information Security
Reports to: Security Engineering Manager / CISO
Core Responsibilities
Engineer security controls: EDR/XDR, SIEM rules, WAF, DLP, CASB, IAM policies.
Deploy and tune detection: Splunk, Elastic, Microsoft Sentinel, CrowdStrike, Defender.
Automate defense: SOAR playbooks (Phantom, Cortex XSOAR), Python scripts, infrastructure‑as‑code security.
Conduct threat hunting: Hypothesis‑driven queries, UEBA, memory forensics, network telemetry.
Respond to incidents: Containment, eradication, recovery, forensics, post‑mortems.
Harden systems: CIS/STIG benchmarks, patch management, secure baselines, zero‑trust microsegmentation.
Secure cloud environments: AWS GuardDuty, Azure Security Center, Google Cloud Platform Security Command Center, CSPM.
Run vulnerability management: Scanning (Qualys, Tenable), risk prioritization, remediation tracking.
Support compliance: SOC2, ISO27001, NIST CSF, PCI‑DSS evidence, audits, control mapping.
Participate in red/blue/purple team exercises and penetration test remediation.
What You Bring
Must‑Have
4+ years in cybersecurity engineering, SOC, or SecOps.
Hands‑on SIEM: Splunk SPL, Elastic KQL, or Microsoft Kusto, writing detections, not just dashboards.
EDR mastery: CrowdStrike Falcon, Microsoft Defender, SentinelOne response workflows.
Scripting/automation: Python (boto3, requests), PowerShell, Bash, regex ninja.
Cloud security: AWS (Security Hub, Macie), Azure (Defender for Cloud), IAM/SCIM.
Networking & OS internals: TCP/IP stack, Windows/Linux privilege models, sysmon, auditd.
Incident response lifecycle: You’ve contained ransomware and preserved evidence.
One of: CISSP, GCIH, GCFA, GNFA, CCSP, or AWS Security Specialty.
Nice‑to‑Have
SOAR development (playbooks, integrations, API orchestration).
Threat intel platforms: MISP, OpenCTI, Recorded Future.
Container security: Docker, Kubernetes, Falco, Aqua, Sysdig.
Reverse engineering or malware analysis (IDA, Ghidra, Volatility).
SASE/ZTNA: Palo Alto Prisma, Zscaler, Netskope.
Certifications: OSCP, CCSP, GREM, EnCE.
Tech Stack
Detection: Splunk ES, Elastic Security, Microsoft Sentinel
EDR/XDR: CrowdStrike, Defender for Endpoint, SentinelOne
Cloud: AWS (GuardDuty, Inspector), Azure (Security Center), Google Cloud Platform SCC
Automation: Cortex XSOAR, Ansible, Terraform (secure modules)
Vuln Mgmt: Tenable.io, Qualys VMDR
Network: Palo Alto NGFW, Zeek, Suricata
Forensics: Autopsy, Volatility, Velociraptor
Identity: Okta, Azure AD, PingFederate