Senior Cybersecurity SOC Engineer

Job Type: Full Time
Work Flexibility: On-site
Location: Santa Clara, CA
Required Skills: CrowdStrike Falcon EDR, Fortinet, Microsoft Defender, Microsoft Entra ID, Microsoft Sentinel, Palo Alto, Tenable

Role: Senior Cybersecurity SOC Engineer
Location: Santa Clara, CA
Employment Type: Full Time
Rate: $70 to $80/hour

Summary: The Client is seeking an elite Senior Cybersecurity SOC Engineer—a hands-on security expert with deep technical knowledge, real-world experience, and a passion for building, defending, and continuously maturing SOC capabilities. This role will report directly to the SecOps Leader within the Cybersecurity organization and requires an individual who thrives in a collaborative environment and is an absolute team player. You will lead threat detection, incident response, automation, and advanced investigations across a modern enterprise environment. If you’re a true expert in Microsoft Sentinel, CrowdStrike, MDE, SOAR, MITRE ATT&CK, APTs, and scripting—this is your arena.

Must Haves:

  • Must have hands-on experience as a SOC Engineer
  • The ideal candidate will have a minimum of 7-10 years of experience as a SOC Engineer
  • Must have hands-on experience with the technologies mentioned in the job description (Microsoft Sentinel, CrowdStrike, MDE, Tenable, etc.)
  • Onsite role based in Santa Clara, CA—local candidates preferred

Key Responsibilities:

  • Design, build, and mature the SOC program, including SIEM/SOAR architecture, detection engineering, threat hunting frameworks, and response procedures.
  • Develop and maintain a robust Incident Response (IR) program and playbooks, ensuring readiness for APTs, ransomware, insider threats, and complex attacks.
  • Lead deep-dive investigations into high-fidelity alerts, threat intelligence feeds, and anomalous behavior using:
    • CrowdStrike Falcon EDR – leveraging IOCs, IOAs, and Real Time Response (RTR) for threat containment.
    • Microsoft Defender for Endpoint (MDE) – for endpoint telemetry and lateral movement analysis.
    • Tenable – to correlate vulnerabilities with active threat activity.
    • Fortinet and Palo Alto Firewalls – for forensic packet tracing and network-layer containment.
    • Azure Cloud Security – performing cloud security investigations to detect and mitigate threats within Azure environments, including Azure Security Center and Azure Sentinel.
    • M365 Cloud Security – securing and investigating Microsoft 365 environments, including threat detection and response using Microsoft Defender for Office 365 and Identity Protection.
  • Expert proactive threat hunting based on TTPs mapped to the MITRE ATT&CK framework, enriching detection and reducing dwell time.
  • Conduct APT analysis, malware reverse-engineering investigations, and backdoor assessments—eradicating persistence and uncovering hidden footholds.
  • Enhance identity threat defense with Microsoft Entra ID (Azure AD), including SSO, Conditional Access, and Adaptive MFA.
  • Integrate and automate threat response via Microsoft Sentinel SOAR and Palo Alto XSOAR, driving fast, consistent, and auditable security outcomes.
  • Develop advanced detections, hunting queries, and automation scripts using:
    • KQL (for Sentinel & MDE telemetry)
    • Python (for enrichment, orchestration, and threat data parsing)
    • PowerShell (for incident response and remediation scripting)
  • Perform dark web monitoring and analysis, transforming raw intelligence into actionable insights for executive briefings and threat modeling.
  • Serve as a technical mentor and escalation point within the SOC, supporting and guiding junior analysts and engineers.
  • Collaborate closely with our managed SOC partner (MSOC) and other external entities to enhance threat intelligence and coordinate a seamless response.
  • Foster a collaborative, supportive, and high-performance team environment, ensuring knowledge sharing, skill development, and shared ownership of security outcomes.

Required Experience & Expertise:

  • 7+ years in hands-on cybersecurity roles, with proven experience in SOC, IR, threat hunting, and security engineering.
  • Deep, hands-on expertise in:
    • Microsoft Sentinel (SIEM & SOAR), KQL Queries
    • CrowdStrike Falcon EDR (including RTR, IOAs, and detection tuning)
    • Microsoft Defender for Endpoint (MDE)
    • Tenable, and Fortinet and Palo Alto firewall security
    • Microsoft Entra ID (Azure AD), SSO, and MFA/Conditional Access
  • Advanced understanding and operational use of the MITRE ATT&CK framework, including mapping detections, performing gap analysis, and simulating adversary behavior.
  • Deep knowledge and hands-on experience analyzing and responding to:
    • Advanced Persistent Threats (APTs)
    • Persistence mechanisms and backdoors
    • Privilege escalation and lateral movement
    • Command and Control (C2) and exfiltration tactics
  • Proven scripting capability in KQL, Python, and PowerShell for automation, data enrichment, and detection logic.
  • Experience integrating and tuning SOAR/XSOAR platforms in complex enterprise environments.
  • Strong team collaboration, communication, and mentoring skills—a genuine team player and leader-by-example.

Preferred Certifications:

  • GCFA, GCIH, GCTI, CISSP, AZ-500, MS-500, or equivalent experience.
  • MITRE ATT&CK Defender (MAD), OSCP, or Red Team certs a strong plus.
