Remote (US-based) | Remote (Global) | Full-time | USD 136,000 – 155,000 / year

Dispel is hiring a Senior Security Operations Engineer

Responsibilities

  • Manage the complete log ingestion workflow: assess coverage, develop data feeds, verify parsing accuracy, and sustain dashboards tracking visibility
  • Bridge logging deficiencies in federal systems and implement commercial-grade logging across AWS, Azure, Entra ID, and SaaS platforms
  • Enable and configure SOAR capabilities such as Domain-Wide Delegation, third-party integrations, and two-way response actions
  • Design and maintain SOAR playbooks for critical incident types including phishing, malware, account breaches, lateral movement, and cloud-based threats
  • Create and update operational dashboards for SOC performance metrics, alert volume trends, mean time to acknowledge and respond, and detection coverage
  • Administer role-based access controls within Google SecOps
  • Develop and deploy production-ready detection rules aligned with the MITRE ATT&CK framework within the first year
  • Build custom parsers for AWS security services including GuardDuty, Security Hub, Inspector, WAF, CloudTrail, and VPC Flow Logs
  • Implement a full detection lifecycle covering proposal, testing, deployment, tuning, and eventual deactivation
  • Perform quarterly reviews of detection quality to assess false positive rates, coverage shortfalls, and rule effectiveness
  • Optimize alert thresholds to minimize noise and reduce analyst burnout
  • Lead SentinelOne deployment across Azure virtual machines in commercial environments and all federal endpoints
  • Configure and operate Cloud Funnel for secure log forwarding into Google SecOps
  • Develop correlation logic linking EDR alerts with SIEM-based detections
  • Manage SentinelOne role-based access groups and policy settings
  • Coordinate with IT teams on agent rollout, health monitoring, and version updates
  • Act as senior escalation point during SOC incidents, ensuring investigations include root cause, remediation steps, credential rotation, and follow-up timelines
  • Improve mean time to acknowledge and mean time to respond through process refinement, tool enhancements, and analyst training
  • Lead quarterly incident simulation exercises and post-exercise reviews
  • Maintain and refine incident response runbooks for major incident categories
  • Integrate incident workflows with Jira Service Management for tracking and escalation
  • Operationalize monthly vulnerability scans across all environments using tools like Nessus, AWS Inspector, and Azure Defender
  • Define and enforce remediation SLAs by severity: Critical within 72 hours, High within 7 days, Medium within 30 days
  • Build unified vulnerability dashboards in Google SecOps
  • Monitor compliance with SLAs and report metrics to the CISO

Compensation

136K-155K base salary plus equity and performance bonus, adjusted by experience and location

Work Arrangement

Remote (Worldwide)

Team

SOC team with existing analysts; this role provides technical leadership and direction without formal management duties

Other

  • US Person status (citizen or permanent resident) required under ITAR/EAR regulations
  • Ability to obtain and maintain a security clearance preferred
  • Remote-first culture with flexible hours

About Dispel

A cybersecurity company specializing in secure remote access, OT DMZ unification, and threat detection for industrial control systems and cyber-physical environments. Protects critical infrastructure for industrials, utilities, manufacturing, military and government markets worldwide.
Job Details

  • Category: security
  • Posted: 2 months ago