Security Operations Center Engineer

Overview

The IT Security Team is looking for a seasoned professional to support a passionate, innovative, and results driven team. The Security Operations Center (SOC) Engineer is responsible for managing and maintaining security tools such as Splunk SIEM and SOAR platforms, automating SOC workflows, and configuring log collection across on-premises and cloud environments (Azure, AWS). This role collaborates closely with SOC analysts to enhance detection, response, and automation capabilities using SOAR and SIEM technologies. The ideal candidate is skilled in scripting (Python, PowerShell), cloud security configurations, Linux administration, and integrating diverse security tools. They continuously advance SOC effectiveness by staying current on emerging threats, technologies, and best practices.

This role can be remote anywhere in the country. The salary range for this role is $165,000 to $175,000, plus an annual bonus. However Lakeview considers several factors when extending an offer, including but not limited to, the roles and associated responsibilities, a candidate's work experience, education/training, location and key skills.

Responsibilities

• Maintain and configure Splunk SIEM and SOAR infrastructure to support security operations and incident response efforts.
• Ensure accurate and reliable ingestion of security logs from on-premises infrastructure, cloud environments (Azure, AWS), and SaaS applications into the SIEM platform.
• Develop and manage integrations between SIEM, SOAR, EDR, and other security tools to streamline alerting, enrichment, and automated response.
• Work closely with SOC analysts to identify use cases for automation and build playbooks in SOAR platforms (e.g., Splunk SOAR) to improve triage and response efficiency.
• Create and maintain detailed documentation, runbooks, and architectural diagrams for all supported security tools and data flows.
• Participate in proof-of-concept testing and implementation of new SOC tools, scripts, and detection technologies.
• Monitor the health, performance, and scalability of security infrastructure and recommend enhancements or fixes as needed.
• Provide mentorship and technical support to SOC analysts in areas such as scripting, tooling, and automation workflows.
• Stay current on evolving threat landscapes, detection techniques, and advances in security technologies to continuously improve SOC capabilities.
  
  

Qualifications

• 10 years of experience in security engineering, security operations, or security automation roles
• Splunk administration experience is required; Splunk certifications such as Splunk Cloud Certified Admin, Splunk Enterprise Certified Architect, or Splunk SOAR Certified Automation Developer are preferred
• Experience with SOAR platforms is required; Splunk SOAR (Phantom) is preferred
• Experience managing EDR platforms
• Proficiency in scripting languages such as Python and PowerShell for automation and tool integration
• Strong understanding of Azure and AWS logging architecture, including Azure Monitor, Activity Logs, Defender for Cloud, GuardDuty, and CloudTrail
• Linux administration experience with a focus on system security and monitoring
• Familiarity with network protocols, firewall rules, and endpoint telemetry as they relate to hybrid and cloud environments
• Experience integrating APIs across security tools for automation of enrichment, ticketing, and response workflows
• Working knowledge of MITRE ATT&CK, detection engineering, and threat hunting techniques
• Bachelor’s degree in Cybersecurity, Computer Science, or a related field, or equivalent work experience
  
  

Knowledge and Skills Required:

• Strong problem-solving and analytical skills with attention to detail.
• Ability to work independently and collaboratively in a fast-paced environment.
• Self-starter with strong interpersonal, written and verbal communication skills and the ability to interact with technical and non-technical stakeholders.
  
  

Certifications

• Splunk Enterprise Certified Admin, Splunk Enterprise Certified Architect OR Splunk Cloud Certified Admin, Splunk SOAR Certified Automation Developer preferred
  
  

Physical Demands and Work Environment

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the employee is regularly required to sit and use hands to handle, touch or feel objects, tools, or controls. The employee frequently is required to talk and hear. The noise level in the work environment is usually moderate. The employee is occasionally required to stand; walk; reach with hands and arms. The employee is rarely required to stoop, kneel, crouch, or crawl. The employee must regularly lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision, color vision, and the ability to adjust focus.

EEOC

Lakeview is an Equal Employment Opportunity employer. All aspects of consideration for employment and employment with the Company are governed on the basis of merit, competence and qualifications without regard to race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, or any other category protected by federal, state, or local law.