alliedconsultants
Security Operations Engineer
Company
Role
Security Operations Engineer
Location
Job type
Other
Found on Mokaru
3 days ago
Salary
Job description
Overview
Texas GovLink, Inc. is an Austin-based firm which has been a leading provider of technical and business professionals to clients in Texas. We are currently seeking an experienced Security Operations Engineer to be a key resource on a technical services team.
Texas GovLink offers its family of consultants excellent rates, a local support staff, and an attractive benefits package which includes medical insurance (TGL shares a percentage of the cost), life insurance, a matching 401(k) plan and a cafeteria plan.Candidates selected for interview will be required to undergo criminal background checks and may be required to complete a drug screen in accordance with Federal and State Law. Offers of Employment are contingent on a successful background checkTexas GovLink is an equal opportunities employer.
Responsibilities
- Engineer, maintain, and tune SIEM platforms (Google SecOps, Gravwell), including correlation rules, dashboards, enrichment logic, and detection content.
- Configure, tune, and optimize IDS/IPS technologies (Corelight, Tipping Point, Cisco Firepower), including signature development and false-positive reduction.
- Perform packet capture (pcap) analysis to validate alerts, identify malicious traffic, and support investigations using Netwitness or Corelight.
- Conduct network traffic analysis to detect anomalies, lateral movement, and command‑and‑control activity.
- Strong understanding of network security architecture, including distributed sensors (Corelight), packet capture systems (NetWitness), and log pipelines (CRIBL, Gravwell, Google SecOps).
- Operationalize threat intelligence feeds within SOC platforms and customers, converting indicators into detection logic, correlation rules, and automated enrichment workflows.
- Continuously tune detection content based on intelligence‑driven insights, improving alert fidelity and reducing false positives across statewide monitoring.
- Develop and maintain orchestration playbooks within Cyware, integrating SIEM, EDR, threat intelligence, and ticketing systems to support statewide monitoring expansion and rapid incident handling.
- Support SOC operations by providing detection engineering, log onboarding, and data normalization.
- Develop and maintain network security monitoring infrastructure, including sensors, collectors, and log pipelines.
- Collaborate with Incident Responders to provide network‑level evidence, context, and threat validation.
- Produce engineering reports, tuning documentation, and platform health assessments.
- Implement detection logic aligned with MITRE ATT&CK, threat intelligence, and emerging adversary behaviors.
- Produce engineering documentation, tuning reports, platform health assessments, and detection coverage maps using data from Firepower, TippingPoint, Corelight, NetWitness, Microsoft Sentinel, and Google SecOps
Qualifications
Minimum Requirements: Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.
Years
Required/Preferred
Experience
5
Required
SOC operations experience
5
Required
Hands‑on experience with IDS/IPS platforms, specifically Cisco Firepower and TippingPoint, including signature tuning, false‑positive reduction, and threat‑driven detection improvements.
5
Required
Advanced packet capture (pcap) and network analysis skills using Corelight, NetWitness, and CRIBL pipelines to identify anomalies, malicious traffic, and lateral movement.
5
Required
Experience maintaining and tuning EDR platforms, including CrowdStrike Falcon and SentinelOne, and integrating EDR telemetry into SIEM and orchestration workflows.
5
Required
Threat intelligence application expertise
5
Required
Develop detection logic aligned with adversary TTPs
6
Preferred
Experience operationalizing threat intelligence by converting indicators and TTPs from Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant into SIEM rules, IPS signatures, and automated enrichment logic.
5
Preferred
Experience operationalizing threat intelligence by converting indicators and TTPs from Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant into SIEM rules, IPS signatures, and automated enrichment logic.
5
Preferred
Perform packet-level analysis to validate alerts and identify malicious activity
5
Preferred
Serves as an escalation SOC analysts to support other SOC analyst and incident responders with enriched network-level intelligence
5
Preferred
Proficiency with Google SecOps and Cyware (SOAR) orchestration, including building automated workflows that integrate SIEM, IDS/IPS, EDR (CrowdStrike, SentinelOne), threat intelligence, and Jira ticketing for SOC automation
4
Preferred
Security Certifications Preferred (CISSP, CEH, GISF, GSEC, CySA+, Sec+)
