Expert Technical Solutions is seeking a Senior Security Engineer to lead cyber defense engineering initiatives, perform proactive threat hunting, and design/operate an emerging Agentic SOC platform. The ideal candidate will have 5-8+ years of experience in Security Engineering, Threat Detection, SOC Engineering, or similar roles. Strong understanding of SIEM, SOAR, EDR, XDR, UEBA, logging pipelines, and threat detection fundamentals is required.
Job Description
Sr. Security Engineer - Remote
Expert Technical Solutions has an immediate opening for a Sr. Security Engineer with one of our premier clients in the financial services industry.
This is a 6-month+ contract with a strong possibility of extension or conversion to permanent.
The position is fully Remote from home.
In this role, you will be responsible for engineering and maintaining Splunk Enterprise Security, leading cyber defense engineering initiatives, performing proactive threat hunting, and designing/operating our emerging Agentic SOC platform. You will also drive security-focused AI engineering and automation to enhance detection, response, and operational efficiency.
Responsibilities
Splunk Enterprise Security (ES) Engineering
- Configure, maintain, and optimize Splunk ES, including data onboarding, CIM mapping, correlation searches, risk-based alerting (RBA), dashboards, and content management.
- Implement ES-specific engineering tasks such as custom data models, notable event tuning, and performance optimization.
- Build and deploy advanced detection capabilities using behavioral analytics, anomaly rules, and attacker TTP modeling.
- Develop and maintain detection-as-code pipelines and security engineering automations.
- Partner with teams and use threat intelligence to operationalize new IOCs and IOAs and to detect adversary tradecraft.
- Conduct proactive threat hunts across endpoints, network, cloud, and identity systems.
- Develop hypotheses, use advanced analytics, and leverage Splunk, EDR, and cloud-native telemetry.
- Produce hunting reports, detection improvements, and lessons learned.
- Design, implement, and maintain an AI-driven, agentic SOC platform to automate detection triage, investigations, enrichment, and recommendations.
- Coordinate with vendor resources to implement multi-agent LLM-powered workflows into SOC processes while ensuring governance and safety.
- Partner with operations teams to ensure reliable adoption and continuous improvement.
- Build and deploy security-centric AI automations leveraging LLMs, vector search, RAG pipelines, and orchestration frameworks.
- Automate repetitive security operations processes and reduce manual workload.
- Evaluate new AI security features, frameworks, and tools for enterprise adoption.
- Participate in the Security Operations on-call rotation, providing timely response to high-priority security alerts, incidents, and escalations.
- Assist Incident Response teams with triage, investigation, containment, and remediation activities across endpoint, cloud, network, and identity platforms.
- Leverage Splunk ES, EDR/XDR tools, and the Agentic SOC platform to support rapid, intelligence-driven incident handling.
- 5-8+ years of experience in Security Engineering, Threat Detection, SOC Engineering, or similar roles.
- Hands-on experience with Splunk Enterprise Security (ES) architecture, content engineering, and operational support.
- Strong understanding of SIEM, SOAR, EDR, XDR, UEBA, logging pipelines, and threat detection fundamentals required for incident response activities.
- Experience with Python, PowerShell, or other automation languages.
- Familiarity with LLMs, AI agent frameworks, RAG architecture, and security automation tools.
- Ability to operate independently, drive complex initiatives, and collaborate effectively with cross-functional teams.
- Strong analytical thinking, curiosity, and desire to continuously improve security posture.
- Experience implementing agentic AI tools to enhance automation and improve monitoring and response capabilities.
- MITRE ATT&CK fluency and experience converting adversary TTPs into detections.
- Experience with modern CI/CD, detection-as-code, and observability tooling.
- Relevant certifications (e.g., GIAC GCIA, GCDA, GCIH, GCFE, GCTI, Splunk Core/Power User, Splunk ES Admin, AWS/Azure Security).