Description:
We are seeking a Cybersecurity Integrator Specialist to join our Security Operations Center as a core technical contributor. This role sits at the intersection of software engineering, DevOps, and cybersecurity — purpose-built for someone who can not only detect and respond to threats, but build and automate the systems that make the SOC more effective.
You will report to the Cybersecurity Manager as part of the Security Engineering team while collaborating with the Incident Response Lead and working in close collaboration with the Detection Engineering Lead on detection logic, tuning, and coverage. This cross-functional position requires equal comfort in engineering work and security operations — bridging the gap between those two disciplines is the job.
Are You Ready To
- Own and execute security engineering tasks assigned by the Security Engineering Lead, spanning tooling builds, integrations, and infrastructure improvements
- Collaborate directly with the Detection Engineering Lead on detection-as-code, rule authoring, alert tuning, and closing coverage gaps
- Design and build security automation pipelines and integrations that connect SOC platforms (SIEM, SOAR, EDR, threat intel feeds, ticketing systems)
- Support the Incident Response Manager during active incidents — providing platform support, log analysis tooling, and rapid engineering solutions under pressure
- Develop and maintain SOAR playbooks, automated response workflows, and repeatable runbooks using scripting and IaC practices
- Support CI/CD pipelines for security tooling including testing, versioning, and deployment of SOC infrastructure
- Identify and close gaps in telemetry, logging coverage, and alerting fidelity across cloud, on-prem, and hybrid environments
- Document integration architectures, runbooks, and operational procedures to support the entire SOC team
Minimum Qualifications
- 3–6+ years of experience in a SOC environment in any capacity (analyst, engineer, detection engineer, etc.)
- Strong software engineering fundamentals — proficiency in at least one systems or scripting language (Python strongly preferred; Go, Rust, or similar a plus)
- DevOps experience — hands-on with CI/CD tooling (GitHub Actions, GitLab CI, Jenkins, etc.), containerization (Docker/Kubernetes), and infrastructure-as-code (Terraform, Ansible, or equivalent)
- Security domain expertise across one or more of: SIEM engineering, SOAR development, threat detection, cloud security, network security monitoring, or incident response
- Familiarity with log pipelines and data engineering concepts (e.g., Kafka, Logstash, Cribl, Fluentd)
- Working knowledge of the MITRE ATT&CK framework and its application to detection and response
- Strong understanding of attacker TTPs, common vulnerability classes, and defensive countermeasures
- Able to context-switch effectively between engineering work and operational support
- Comfortable receiving direction from multiple senior stakeholders and managing competing priorities
- Strong written and verbal communication; can translate technical findings for non-technical stakeholders