Role: Senior Cybersecurity SOC Engineer
Location: Santa Clara, CA
Employment Type: Full Time
Rate: $70 to $80/hour
Summary: The Client is seeking an elite Senior Cybersecurity SOC Engineer—a hands-on security expert with deep technical knowledge, real-world experience, and a passion for building, defending, and continuously maturing SOC capabilities. This role will report directly to the SecOps Leader within the Cybersecurity organization and requires an individual who thrives in a collaborative environment and is an absolute team player. You will lead threat detection, incident response, automation, and advanced investigations across a modern enterprise environment. If you’re a true expert in Microsoft Sentinel, CrowdStrike, MDE, SOAR, MITRE ATT&CK, APTs, and scripting—this is your arena.
Must Haves:
- Must have hands-on experience as a SOC Engineer
- The ideal candidate will have a minimum of 7-10 years of experience as a SOC Engineer
- Must have hands-on experience with the technologies mentioned in the job description (Microsoft Sentinel, CrowdStrike, MDE, Tenable, etc.)
- Onsite role based in Santa Clara, CA—local candidates preferred
Key Responsibilities:
- Design, build, and mature the SOC program, including SIEM/SOAR architecture, detection engineering, threat hunting frameworks, and response procedures.
- Develop and maintain a robust Incident Response (IR) program and playbooks, ensuring readiness for APTs, ransomware, insider threats, and complex attacks.
- Lead deep-dive investigations into high-fidelity alerts, threat intelligence feeds, and anomalous behavior using:
  - CrowdStrike Falcon EDR – leveraging IOCs, IOAs, and Real Time Response (RTR) for threat containment.
  - Microsoft Defender for Endpoint (MDE) – for endpoint telemetry and lateral movement analysis.
  - Tenable – to correlate vulnerabilities with active threat activity.
  - Fortinet and Palo Alto Firewalls – for forensic packet tracing and network-layer containment.
  - Azure Cloud Security – performing cloud security investigations to detect and mitigate threats within Azure environments, including Azure Security Center and Azure Sentinel.
  - M365 Cloud Security – securing and investigating Microsoft 365 environments, including threat detection and response using Microsoft Defender for Office 365 and Identity Protection.
- Expert proactive threat hunting based on TTPs mapped to the MITRE ATT&CK framework, enriching detection and reducing dwell time.
- Conduct APT analysis, malware reverse-engineering investigations, and backdoor assessments—eradicating persistence and uncovering hidden footholds.
- Enhance identity threat defense with Microsoft Entra ID (Azure AD), including SSO, Conditional Access, and Adaptive MFA.
- Integrate and automate threat response via Microsoft Sentinel SOAR and Palo Alto XSOAR, driving fast, consistent, and auditable security outcomes.
- Develop advanced detections, hunting queries, and automation scripts using:
  - KQL (for Sentinel & MDE telemetry)
  - Python (for enrichment, orchestration, and threat data parsing)
  - PowerShell (for incident response and remediation scripting)
- Perform dark web monitoring and analysis, transforming raw intelligence into actionable insights for executive briefings and threat modeling.
- Serve as a technical mentor and escalation point within the SOC, supporting and guiding junior analysts and engineers.
- Collaborate closely with our managed SOC partner (MSOC) and other external entities to enhance threat intelligence and coordinate a seamless response.
- Foster a collaborative, supportive, and high-performance team environment, ensuring knowledge sharing, skill development, and shared ownership of security outcomes.
Required Experience & Expertise:
- 7+ years in hands-on cybersecurity roles, with proven experience in SOC, IR, threat hunting, and security engineering.
- Deep, hands-on expertise in:
  - Microsoft Sentinel (SIEM & SOAR) and KQL queries
  - CrowdStrike Falcon EDR (including RTR, IOAs, and detection tuning)
  - Microsoft Defender for Endpoint (MDE)
  - Tenable, and Fortinet and Palo Alto firewall security
  - Microsoft Entra ID (Azure AD), SSO, and MFA/Conditional Access
- Advanced understanding and operational use of the MITRE ATT&CK framework, including mapping detections, performing gap analysis, and simulating adversary behavior.
- Deep knowledge and hands-on experience analyzing and responding to:
  - Advanced Persistent Threats (APTs)
  - Persistence mechanisms and backdoors
  - Privilege escalation and lateral movement
  - Command and Control (C2) and exfiltration tactics
- Proven scripting capability in KQL, Python, and PowerShell for automation, data enrichment, and detection logic.
- Experience integrating and tuning SOAR/XSOAR platforms in complex enterprise environments.
- Strong team collaboration, communication, and mentoring skills—a genuine team player and leader-by-example.
Preferred Certifications:
- GCFA, GCIH, GCTI, CISSP, AZ-500, MS-500, or equivalent experience.
- MITRE ATT&CK Defender (MAD), OSCP, or Red Team certs a strong plus.