Role: Cybersecurity Operations Engineer
Location: Oakland, CA (Remote)
Duration: 6+ months
Pay Rate: $50 to $55
Overview: We are seeking a mid-to-senior level Cybersecurity Operations Engineer to take ownership of core security operations and engineering functions across firewalls, email security gateway, endpoint detection/response (EDR), threat & vulnerability management (TVM) tools, cloud security (Azure), and penetration testing coordination. This is a hands-on role focused on maintaining stability, reducing risk, and continuously improving detection, response, and hardening across the environment.
Key Experience Requirements:
- Network Security / Firewalls: Strong hands-on experience with firewall policy administration, rule lifecycle management, troubleshooting, and change control (Fortinet preferred).
- Email Security Gateway: Administration and tuning of email security controls (Mimecast preferred), including policy maintenance and investigation workflows.
- Threat & Vulnerability Management (TVM): Proficiency with Tenable.io/Tenable.sc for production scan deployments, tuning, coverage management, and reporting.
- EDR / Endpoint Security: Experience with CrowdStrike Falcon operations—alert triage, investigation, response actions, and tuning for low-noise/high-signal outcomes.
- Cloud Security (Azure): Experience with Azure security controls, monitoring, and secure configuration practices (e.g., identity, logging, network controls, posture management).
- Pen Testing: Experience coordinating internal/external penetration tests, tracking remediation, and validating fixes/closures.
Responsibilities:
- Provide Tier 2/3 support for firewall policy administration, change control, and troubleshooting; optimize rulesets and ensure continued stability and secure configurations.
- Maintain and tune email security policies (anti-phishing, impersonation protection, URL/file controls); support investigations and ongoing stability of the email security platform.
- Manage Tenable scanning from validation to full production; ensure scan coverage, credentialed scanning where applicable, tuning to reduce noise, and actionable reporting for remediation teams.
- Monitor and manage CrowdStrike detections; perform triage and investigations, execute response actions, and maintain a low-noise, automation-friendly detection environment.
- Support Azure security monitoring and hardening initiatives, including secure configurations, identity and access best practices, logging/telemetry validation, and remediation tracking.
- Coordinate penetration testing activities, ensure findings are tracked to closure, validate remediations, and maintain evidence of pass/fail outcomes.
- Create and maintain runbooks/playbooks for common investigations, changes, and recurring operational tasks; improve repeatability and reliability.
- Provide limited support for GRC reporting or control evidence coordination (Hyperproof) as requested.
Technical Requirements:
- 5+ years (or equivalent) hands-on experience in security operations/engineering.
- Fortinet firewall administration experience (or comparable enterprise firewall platforms).
- Mimecast (or comparable email security gateway) administration and policy tuning experience.
- Tenable.io/Tenable.sc experience in production deployments and reporting.
- CrowdStrike Falcon experience (triage, investigations, response, tuning).
- Working knowledge of Azure security services and cloud hardening practices.
- Strong incident triage skills, documentation habits, and cross-team coordination.