What are the responsibilities and job description for the Senior Cyber Security Engineer position at OP Recruiting?
This Senior Cybersecurity Engineer role focuses on enterprise security engineering with an emphasis on email security and DLP, SIEM engineering and integrations, automation/SOAR workflows, and SOC reporting/metrics. The role is hands-on and collaborative, working with SOC analysts, IAM, infrastructure, and cloud teams to improve detection fidelity, reduce manual workload through automation, and ensure security controls support regulated healthcare operations (PHI/ePHI; HIPAA/HITECH).
Essential Duties and Responsibilities include the following. Other duties and tasks
may be assigned.
Operate and tune enterprise email security gateway (SEG) and DLP controls, including escalations, quarantined message review, and release workflows.
Refine DLP policies, smart identifiers, dictionaries, and detection logic to reduce false positives and protect sensitive data.
Support and improve email authentication posture (DMARC/DKIM/SPF) and modify inbound/outbound policy routes as required.
Develop SIEM engineering for new data sources: integrate, validate, normalize, enrich,correlate, document, and hand off to operations.
Drive resolution of SIEM detection tuning backlog and continuously improve fidelity across endpoint, cloud, identity, badge, and network telemetry.
Develop correlation logic and SOC-focused workflows to reduce alert fatigue and
improve detection quality.
Design and implement SOAR workflows to automate enrichment, correlation, case updates, and triggered response actions (e.g., forced password resets).
Synchronize case status across platforms (EDR, data governance, SIEM) and enable automated closure/annotation of bulk detections.
Automate IOC reputation checks, identity lookups, enrichment, and integrated IP/URL blocking via firewalls or filtering platforms (as applicable).
Generate and publish SIEM/SOC metrics including MTTR, time-to-triage, time-to-detect, detection volume, disposition trends, and attack vector analysis.
Collaborate with SOC/IR teams to investigate escalations; implement engineering
changes to prevent recurrence.
Create and maintain high-quality technical documentation, runbooks, onboarding
standards, and operational guides.
Qualifications/Requirements
7 years in cybersecurity engineering roles, with strong emphasis on email
security/DLP operations, SIEM engineering, detection tuning, and automation.
Hands-on experience with enterprise email security gateways and DLP solutions,
including policy tuning, identifiers/dictionaries, and regex-based rule creation.
Strong familiarity with EDR platforms, endpoint telemetry, and the ability to
operationalize EDR signals in SIEM workflows.
Proven SIEM engineering experience: log-source onboarding, parsing/normalization, enrichment, correlation, detection tuning, and operational handoff.
Experience building automations (SOAR or native platform automation) supporting enrichment, correlation, case-state synchronization, and triggered response actions.
Scripting proficiency required: PowerShell, Python, and Linux shell (Bash), including use of APIs for automation and data processing.
Demonstrated ability to create SOC-focused dashboards/reports (MTTR, detection fidelity, triage timelines, false-positive trends, threat patterns).
Knowledge of email authentication standards including DMARC, DKIM, and SPF and their operational impacts.
Familiarity with regulated industry requirements (HIPAA, GLBA, PCI) and how security controls support compliance.
Excellent documentation, communication, and cross-team collaboration skills; ability to create runbooks and engineering standards.
Ability to work directly with SOC, IAM, infrastructure, networking, and cloud teams to build operationally ready solutions.
Successful Competency Factors
Ability to articulate technical concepts to technical and nontechnical audiences.
Ability to work effectively across varied scenarios and complex problems.
Ability to execute tasks or projects without established organizational precedent.
Analytical and creative problem-solving to propose effective security solutions.
Strong collaboration with cross-functional teams.
Ability to quickly learn and adapt to new technologies.
Essential Duties and Responsibilities include the following. Other duties and tasks
may be assigned.
Operate and tune enterprise email security gateway (SEG) and DLP controls, including escalations, quarantined message review, and release workflows.
Refine DLP policies, smart identifiers, dictionaries, and detection logic to reduce false positives and protect sensitive data.
Support and improve email authentication posture (DMARC/DKIM/SPF) and modify inbound/outbound policy routes as required.
Develop SIEM engineering for new data sources: integrate, validate, normalize, enrich,correlate, document, and hand off to operations.
Drive resolution of SIEM detection tuning backlog and continuously improve fidelity across endpoint, cloud, identity, badge, and network telemetry.
Develop correlation logic and SOC-focused workflows to reduce alert fatigue and
improve detection quality.
Design and implement SOAR workflows to automate enrichment, correlation, case updates, and triggered response actions (e.g., forced password resets).
Synchronize case status across platforms (EDR, data governance, SIEM) and enable automated closure/annotation of bulk detections.
Automate IOC reputation checks, identity lookups, enrichment, and integrated IP/URL blocking via firewalls or filtering platforms (as applicable).
Generate and publish SIEM/SOC metrics including MTTR, time-to-triage, time-to-detect, detection volume, disposition trends, and attack vector analysis.
Collaborate with SOC/IR teams to investigate escalations; implement engineering
changes to prevent recurrence.
Create and maintain high-quality technical documentation, runbooks, onboarding
standards, and operational guides.
Qualifications/Requirements
7 years in cybersecurity engineering roles, with strong emphasis on email
security/DLP operations, SIEM engineering, detection tuning, and automation.
Hands-on experience with enterprise email security gateways and DLP solutions,
including policy tuning, identifiers/dictionaries, and regex-based rule creation.
Strong familiarity with EDR platforms, endpoint telemetry, and the ability to
operationalize EDR signals in SIEM workflows.
Proven SIEM engineering experience: log-source onboarding, parsing/normalization, enrichment, correlation, detection tuning, and operational handoff.
Experience building automations (SOAR or native platform automation) supporting enrichment, correlation, case-state synchronization, and triggered response actions.
Scripting proficiency required: PowerShell, Python, and Linux shell (Bash), including use of APIs for automation and data processing.
Demonstrated ability to create SOC-focused dashboards/reports (MTTR, detection fidelity, triage timelines, false-positive trends, threat patterns).
Knowledge of email authentication standards including DMARC, DKIM, and SPF and their operational impacts.
Familiarity with regulated industry requirements (HIPAA, GLBA, PCI) and how security controls support compliance.
Excellent documentation, communication, and cross-team collaboration skills; ability to create runbooks and engineering standards.
Ability to work directly with SOC, IAM, infrastructure, networking, and cloud teams to build operationally ready solutions.
Successful Competency Factors
Ability to articulate technical concepts to technical and nontechnical audiences.
Ability to work effectively across varied scenarios and complex problems.
Ability to execute tasks or projects without established organizational precedent.
Analytical and creative problem-solving to propose effective security solutions.
Strong collaboration with cross-functional teams.
Ability to quickly learn and adapt to new technologies.