Position: Security Operations Engineer
- Location: Austin, TX.
- Hybrid. Candidates must be local to either San Antonio or Austin, TX.
- Need local candidates with DL- either San Antonio or Austin, TX.
- LinkedIn
-
- Interview Process: TEAMS
Any state agency experience is must
Submission Requirements
- Updated resume with detailed project descriptions for recent engagements
- LinkedIn profile
- Any additional client-required forms or documentation
Responsibilities
- Engineer, maintain, and tune SIEM platforms (Google SecOps, Gravwell), including correlation rules, dashboards, enrichment logic, and detection content.
- Configure, tune, and optimize IDS/IPS technologies (Corelight, Tipping Point, Cisco Firepower), including signature development and false-positive reduction.
- Perform packet capture (pcap) analysis to validate alerts, identify malicious traffic, and support investigations using Netwitness or Corelight.
- Conduct network traffic analysis to detect anomalies, lateral movement, and command-and-control activity.
- Strong understanding of network security architecture, including distributed sensors (Corelight), packet capture systems (NetWitness), and log pipelines (CRIBL, Gravwell, Google SecOps).
- Operationalize threat intelligence feeds within SOC platforms and customers, converting indicators into detection logic, correlation rules, and automated enrichment workflows.
- Continuously tune detection content based on intelligence-driven insights, improving alert fidelity and reducing false positives across statewide monitoring.
- Develop and maintain orchestration playbooks within Cyware, integrating SIEM, EDR, threat intelligence, and ticketing systems to support statewide monitoring expansion and rapid incident handling.
- Support SOC operations by providing detection engineering, log onboarding, and data normalization.
- Develop and maintain network security monitoring infrastructure, including sensors, collectors, and log pipelines.
- Collaborate with Incident Responders to provide network-level evidence, context, and threat validation.
- Produce engineering reports, tuning documentation, and platform health assessments.
- Implement detection logic aligned with MITRE ATT&CK, threat intelligence, and emerging adversary behaviors.
- Produce engineering documentation, tuning reports, platform health assessments, and detection coverage maps using data from Firepower, TippingPoint, Corelight, NetWitness, Microsoft Sentinel, and Google SecOps
must have Qualifications:
must have Requirements:
Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.