ONE (Open Network Exchange)
Security Operations Engineer (Scottsdale)
ONE (Open Network Exchange), Scottsdale, Arizona, United States, 85261
Summary/Objective
The Security Operations Lead Engineer is responsible for guiding the day-to-day operation of the SOC while maturing detection pipelines, hardening the environment, and leading the security scrum team. The role blends hands-on engineering with team leadership, incident response, threat detection, automation, and process ownership. The ideal candidate brings strong experience with SIEM, XDR, cloud security, and Fortinet tooling while being able to run sprints, refine backlogs, and drive a predictable security roadmap.
Key Responsibilities
Threat Detection and Incident Response
- Lead detection engineering, alert tuning, log pipeline improvements, and security content development
- Own the incident response workflow, including triage, investigation, containment, remediation, and retrospective reviews
- Manage SIEM dashboards, queries, correlation rules, and parsing logic
- Drive continuous improvement using real incidents as inputs for detection upgrades

Security Team Leadership and Scrum Execution
- Serve as scrum master for the security team and maintain sprint cadence
- Lead daily standups, backlog refinement, sprint planning, and sprint reviews
- Partner with IT, engineering, and compliance to align the security roadmap with organizational priorities
- Mentor junior analysts and create growth paths within the SOC

Security Engineering and Automation
- Build and maintain automation in PowerShell or Python to reduce manual response work
- Integrate security tools with internal systems to streamline alerting, enrichment, and response
- Improve asset visibility, identity protections, endpoint controls, and zero trust policies
- Maintain security baselines for servers, endpoints, network devices, and cloud workloads

Fortinet and Infrastructure Security
- Operate and tune FortiGate, FortiAnalyzer, FortiNAC, and FortiClient EMS for XDR and ZTNA
- Manage firewall policies, segmentation, intrusion prevention, and VPN access
- Expand monitoring through log forwarding, event correlation, and data retention planning
- Work with network and systems teams to validate architecture, resilience, and compliance

Cloud Security
- Strengthen Azure identity, conditional access, network controls, workload protections, and audit pipelines
- Tune Azure Monitor, Sentinel, and Log Analytics for detection and response
- Improve identity hygiene, including MFA posture, privileged access, service principals, and workload identities

Documentation & Collaboration
- Maintain runbooks, playbooks, detection notes, incident templates, and SOPs in version control
- Clearly document detection logic, expected behavior, and tuning criteria
- Engage in cross-functional reviews with IT, DevOps, compliance, and leadership

Qualifications
- Bachelor's degree in cybersecurity, information systems, or a related field, or equivalent experience
- Three to seven years in SOC, incident response, or security engineering roles
- Hands-on experience with SIEM platforms, XDR tooling, and log management
- Experience tuning alerts, writing detections, and performing investigations
- Working knowledge of Azure identity and cloud security controls
- Familiarity with Fortinet platforms such as FortiGate, FortiAnalyzer, EMS, and ZTNA
- Ability to run scrum ceremonies with consistent cadence
- Strong written and verbal communication skills
- Must be available for full-time on-site work
- Scripting experience in PowerShell or Python is a plus
- Knowledge of MITRE ATT&CK and threat hunting is a plus
- FCP Security Operations, AZ-500 (Azure Security Engineer Associate), or GCIH certification is a plus

What We Offer
- Exclusive Team Member Travel Discounts
- Affordable Medical Insurance
- 100% Employer Paid Dental and Vision Insurance
- HSA with Company Contribution
- 401(k)
- Basic and Voluntary Life & AD&D
- Pet Benefits
- Free Parking
- Amazing Culture!
ONE is an equal opportunity employer. All aspects of employment, including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. We do not discriminate based on race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law. We're looking for team members who thrive in a collaborative, in-person environment and want to grow their career alongside passionate technologists.