Senior Security Engineer
SBM Management Services
About the role
Job Overview
The Senior Security Engineer, Modern SecOps is a highly skilled professional who plays a critical role in advancing and maturing SBM's enterprise security operations program. This is a senior-level individual contributor role intended for an experienced security professional who brings deep technical ability, strong operational judgment, and the ability to influence security outcomes across complex, hybrid environments.
This role will serve as a technical authority within Security Operations, responsible for the design, implementation, optimization, and effectiveness of a modern security operations platform that combines Microsoft-native security capabilities with select open-source security tooling, aligned to operational needs and cost efficiency.
Primary emphasis will be placed on Microsoft Defender XDR, Microsoft Sentinel (SIEM/SOAR), Purview, and Intune, while also contributing to the evaluation, deployment, and operation of open-source security tools to augment visibility, detection, and response where appropriate.
Roles & Responsibilities
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Other duties may be assigned.
Security Operations Leadership
- Act as a senior technical leader within Security Operations, providing expertise and direction on detection, investigation, and response practices.
- Own and continuously improve incident response workflows, escalation paths, and operational processes across Microsoft and open-source security platforms.
- Serve as a senior escalation point for complex or high-impact security incidents.
- Help define operational standards, metrics, and maturity goals for a modern SOC.
SIEM, SOAR & Detection Engineering
- Architect, build, and maintain SIEM and SOAR capabilities using modern SecOps tools like Microsoft Sentinel, Wazuh, and a combination of complementary tooling.
- Design and tune analytics rules, automation playbooks, and incident workflows to improve detection fidelity and response speed.
- Lead ongoing efforts to reduce alert fatigue, false positives, and redundant signals through structured, data-driven tuning.
- Ensure detections are reliable, maintainable, and aligned with real-world threat activity.
Threat Hunting & Advanced Analysis
- Lead and perform proactive threat hunting across endpoint, identity, email, cloud, network, and log-based telemetry.
- Develop and maintain advanced KQL queries for hunting, investigations, and detection engineering.
- Leverage open-source telemetry and detections to supplement Microsoft security signals where appropriate.
- Translate threat intelligence and emerging attacker techniques into actionable detections and response improvements.
- Align threat hunting and detections with frameworks such as MITRE ATT&CK.
Security Architecture & Platform Strategy
- Provide hands-on security architecture guidance across endpoints, identity, email, cloud, network, and logging domains.
- Partner with infrastructure, cloud, identity, and application teams to ensure secure-by-design implementations.
- Drive thoughtful tool consolidation, prioritizing Microsoft E5 capabilities while integrating open-source solutions where they add measurable value.
Open-Source Security Tooling
- Evaluate, deploy, and operate open-source security tools to enhance detection, visibility, or response capabilities.
- Contribute to the implementation and operationalization of SIEM/SOAR for host-based detection, log analysis, and security monitoring.
- Integrate open-source tooling with Microsoft Sentinel and Defender to create a unified investigation and response workflow.
- Assess tradeoffs between open-source and commercial solutions, including maintainability, scalability, and operational overhead.
Automation & Engineering
- Design and implement security automation using Sentinel SOAR playbooks, APIs, and scripting.
- Integrate security tooling with IT systems, workflows, and notification platforms to improve operational efficiency.
Microsoft Security Platform Expertise
- Act as a subject matter expert for:
  - Microsoft Defender XDR (Endpoint, Identity, Office 365, Cloud Apps)
  - Microsoft Sentinel (SIEM/SOAR)
  - Microsoft Purview (DLP, information protection, insider risk)
  - Microsoft Intune (endpoint security posture and controls)
- Ensure platforms are configured according to best practices and continuously optimized as capabilities evolve.
AI & Emerging Capabilities
- Evaluate and responsibly adopt AI-assisted security capabilities, including Microsoft Security Copilot and related technologies.
- Identify opportunities where AI can improve investigation quality, response consistency, and analyst effectiveness.
Collaboration & Mentorship
- Collaborate closely with IT operations, cloud engineering, identity, and application teams.
- Provide mentorship and technical guidance to junior and mid-level security staff.
- Clearly communicate security risks, findings, and recommendations to both technical and non-technical stakeholders.
Key Performance Indicators (KPIs) - 3/2026
- Improve security incident detection and response effectiveness, demonstrated by reduced m.