Apply Now
Location: Austin, Texas (TX)
Contract Type: C2C
Posted: 2 hours ago
Closed Date: 07/07/2026
Skills: Security Operations Engineer,Netwitness or CorelightCorelight, NetWitness, Microsoft Sentinel, and Google SecOps
Visa Type: Any Visa

Position: Security Operations Engineer

  • Location: Austin, TX. 
  • Hybrid. Candidates must be local to either San Antonio or Austin, TX. 
  • Need local candidates with DL- either San Antonio or Austin, TX. 
  • LinkedIn
  •  
  • Interview Process: TEAMS

Any state agency experience is must

Submission Requirements

  • Updated resume with detailed project descriptions for recent engagements
  • LinkedIn profile
  • Any additional client-required forms or documentation

Responsibilities

  • Engineer, maintain, and tune SIEM platforms (Google SecOps, Gravwell), including correlation rules, dashboards, enrichment logic, and detection content.
  • Configure, tune, and optimize IDS/IPS technologies (Corelight, Tipping Point, Cisco Firepower), including signature development and false-positive reduction.
  • Perform packet capture (pcap) analysis to validate alerts, identify malicious traffic, and support investigations using Netwitness or Corelight.
  • Conduct network traffic analysis to detect anomalies, lateral movement, and command-and-control activity.
  • Strong understanding of network security architecture, including distributed sensors (Corelight), packet capture systems (NetWitness), and log pipelines (CRIBL, Gravwell, Google SecOps).
  • Operationalize threat intelligence feeds within SOC platforms and customers, converting indicators into detection logic, correlation rules, and automated enrichment workflows.
  • Continuously tune detection content based on intelligence-driven insights, improving alert fidelity and reducing false positives across statewide monitoring.
  • Develop and maintain orchestration playbooks within Cyware, integrating SIEM, EDR, threat intelligence, and ticketing systems to support statewide monitoring expansion and rapid incident handling.
  • Support SOC operations by providing detection engineering, log onboarding, and data normalization.
  • Develop and maintain network security monitoring infrastructure, including sensors, collectors, and log pipelines.
  • Collaborate with Incident Responders to provide network-level evidence, context, and threat validation.
  • Produce engineering reports, tuning documentation, and platform health assessments.
  • Implement detection logic aligned with MITRE ATT&CK, threat intelligence, and emerging adversary behaviors.
  • Produce engineering documentation, tuning reports, platform health assessments, and detection coverage maps using data from Firepower, TippingPoint, Corelight, NetWitness, Microsoft Sentinel, and Google SecOps

must have Qualifications:

must have Requirements:

Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.