Security Platform Operations Engineer
Job description
The Information Security team is responsible for the oversight and execution of the Enterprise's Information Security, Business Continuity and Risk Management programs to support our business goals. This includes, but is not limited to, security operations, vulnerability and patch management, incident response, disaster recovery, business continuity, risk identification and mitigation planning/implementation, identity management, network security, privacy, and compliance.

The Security Platform and Services Operations Engineer is a foundational new role within the Security Engineering team, reporting to the Director of Security Architecture and Engineering. Following the Plan-Build-Run methodology, this position is squarely focused on the Run discipline: ensuring the day-to-day operational health, supportability, and continuous improvement of the enterprise's security platforms and tooling. This is the first hire for this role, so we are looking for a self-starter with a take-charge attitude and high motivation to define and build the operational processes from the ground up.
This role serves as the critical bridge between the IT Service Desk, IT Engineering teams, and the Security Engineering team. The ideal candidate brings a strong customer-support mindset combined with hands-on security platform experience, enabling them to function as a Tier 2 resource for IT Support and Engineering teams and as a Tier 1 Security Engineer within the Security team. They will own ticket queue management, stakeholder communication, follow-ups, and will be instrumental in building the documentation, workflows, and runbooks that allow front-line IT teams to independently identify, triage, and resolve common security-related issues.
Responsibilities
- Manage and triage inbound security-related ticket queues, ensuring timely acknowledgment, accurate categorization, and resolution within defined SLAs.
- Act as the primary liaison and first point of contact between the IT Service Desk, IT Engineering teams, and Security Engineering members, facilitating clear communication and efficient handoffs.
- Serve as a Tier 2 escalation engineer for IT Support and IT Engineering teams on security platform issues, and as a Tier 1 Security Engineer within the Security Engineering team.
- Build, maintain, and continuously improve operational documentation, troubleshooting workflows, runbooks, and knowledge base articles that enable IT Service Desk Analysts and IT Engineers to independently identify, triage, and resolve common security platform issues for end users.
- Provide consistent follow-up and status communication to stakeholders and end users on open tickets, ensuring transparency and accountability throughout the resolution lifecycle.
- Gather and document operational requirements from IT Support, Engineering, and Security teams to identify gaps in tooling, process, or documentation and drive improvements.
- Troubleshoot endpoint security platform issues including agent health, policy enforcement, application control events, and connectivity to cloud security services.
- Support the operational health of security platforms including endpoint detection and response (EDR), application whitelisting, secure web gateway, and zero-trust network access solutions.
- Partner with Security Engineers on platform changes, upgrades, and rollouts by validating operational readiness, updating runbooks, and coordinating communication to support teams.
- Identify recurring incidents and pain points, propose process improvements, and contribute to the maturation of the Security Engineering Operations function.
- Facilitate Vulnerability Management communications by ensuring identified vulnerabilities are clearly communicated to responsible teams, tracked through remediation or escalation, and closed out in a timely manner. Engage Security Engineers as needed to assist with validation of remediation efforts or to determine appropriate compensating controls.
Requirements
- Minimum 2-3 years of experience in an IT Support, Help Desk, or Systems Administration role with a strong customer service orientation.
- Minimum 1-2 years of hands-on experience working with or supporting enterprise security platforms and tooling.
- Demonstrated ability to manage ticket queues, prioritize competing requests, and communicate effectively with both technical and non-technical stakeholders.
- Strong endpoint troubleshooting skills across Windows and macOS environments, including familiarity with OS-level diagnostics, agent deployments, and policy conflicts.
- Basic understanding of networking concepts (DNS, DHCP, TCP/IP, proxy/PAC configurations, SSL/TLS) sufficient to troubleshoot connectivity issues related to security platforms.
- Experience with Microsoft enterprise products and services (Active Directory, Entra ID, Microsoft 365, Group Policy, Intune).
- Familiarity with Identity Provider (IDP) Conditional Access Policies, including the ability to troubleshoot policy evaluation outcomes and read sign-in and audit logs to diagnose access issues.
- Ability to write clear, concise technical documentation, runbooks, and knowledge base articles suitable for a range of technical audiences.
- Industry-recognized security certification such as CompTIA Security+ (required).
- Self-motivated with a proactive, take-charge attitude, comfortable operating with minimal direction as the first hire in this function.
- Natural passion for security operations and a strong drive to see both projects and issues through to completion.
- Experience with ThreatLocker or a comparable application whitelisting / ringfencing solution.
- Experience with Zscaler (ZIA, ZPA, and/or ZDX) including troubleshooting ZCC client connectivity and policy issues.
- Experience with Microsoft Defender for Endpoint or another enterprise EDR platform (CrowdStrike, SentinelOne, Carbon Black).
- Hands-on experience with Microsoft Entra ID, including Conditional Access policy configuration, sign-in log analysis, and user/group lifecycle management.
- Familiarity with ITSM platforms (ServiceNow, Jira Service Management) and ITIL-aligned processes.
- Additional certifications such as CompTIA CySA+, Microsoft AZ-900, or Zscaler certifications.
- Experience creating process flows, swim-lane diagrams, or workflow automations for IT operations.
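The Conditional Access troubleshooting skill named in the requirements (reading a sign-in log record and explaining why access was granted or blocked) looks like the following in practice. This is an added example written for this page, not code from the employer or from Microsoft. The record is a constructed sample shaped like a Microsoft Graph `signIn` resource (the `conditionalAccessStatus`, `status.errorCode`, `deviceDetail` and `appliedConditionalAccessPolicies` fields are the real schema names; the policy names, user, app and IP address are made up), and the triage hints are the editor's own first-step suggestions, not official guidance.

```python
"""Explain a Conditional Access (CA) outcome from one Entra ID sign-in log record.

Added example for this page; not the employer's or Microsoft's code. Input is a
dict or JSON string shaped like a Microsoft Graph `signIn` resource. The sample
record and the hint text are constructed for illustration.
"""
import json

# Per-policy results that mean "a report-only policy would have blocked this".
REPORT_ONLY_FAIL = {"reportOnlyFailure", "reportOnlyInterrupted"}

# Constructed sample: user blocked by a compliant-device policy; an MFA policy
# passed, a legacy-auth policy was out of scope, a report-only policy would fail.
SAMPLE_SIGNIN = json.dumps({
    "id": "00000000-0000-0000-0000-000000000001",
    "userPrincipalName": "jdoe@example.com",
    "appDisplayName": "Office 365 SharePoint Online",
    "ipAddress": "203.0.113.10",
    "conditionalAccessStatus": "failure",
    # AADSTS53003 is the error code Entra returns for a CA block.
    "status": {"errorCode": 53003, "failureReason": "Blocked by Conditional Access"},
    "deviceDetail": {"isCompliant": False, "isManaged": True, "operatingSystem": "Windows 11"},
    "appliedConditionalAccessPolicies": [
        {"displayName": "CA001 - Require MFA for all users", "result": "success",
         "enforcedGrantControls": ["Mfa"]},
        {"displayName": "CA010 - Require compliant device for O365", "result": "failure",
         "enforcedGrantControls": ["RequireCompliantDevice"]},
        {"displayName": "CA020 - Block legacy auth", "result": "notApplied",
         "enforcedGrantControls": ["Block"]},
        {"displayName": "CA030 - Block unknown locations (report-only)",
         "result": "reportOnlyFailure", "enforcedGrantControls": ["Block"]},
    ],
})


def _hints_for(policy, device):
    """Turn the grant controls of one failing policy into first triage steps (editor's own wording)."""
    name = policy.get("displayName", "<unnamed policy>")
    hints = []
    for control in policy.get("enforcedGrantControls", []):
        if control == "RequireCompliantDevice":
            if device.get("isCompliant") is False:
                hints.append(f"{name}: device reported non-compliant; check Intune compliance state "
                             "and device registration before changing the policy.")
            else:
                hints.append(f"{name}: compliant-device grant failed with no device identity on the "
                             "sign-in; check Entra join/registration and that the app uses the broker.")
        elif control == "Mfa":
            hints.append(f"{name}: MFA grant not satisfied; check the user's registered methods.")
        elif control == "Block":
            hints.append(f"{name}: explicit block for this condition; expected behaviour, confirm scope.")
        else:
            hints.append(f"{name}: grant control {control} not satisfied.")
    return hints


def triage(signin):
    """Classify a sign-in record and list the policies and next steps behind the outcome."""
    if isinstance(signin, str):
        signin = json.loads(signin)
    ca_status = signin.get("conditionalAccessStatus", "unknown")
    error = signin.get("status", {}).get("errorCode", 0)
    policies = signin.get("appliedConditionalAccessPolicies", [])
    device = signin.get("deviceDetail", {})

    # "failure" is the only per-policy result that enforced a block; "notApplied"
    # means the policy did not target this sign-in and is not a problem.
    blocking = [p.get("displayName") for p in policies if p.get("result") == "failure"]
    report_only = [p.get("displayName") for p in policies if p.get("result") in REPORT_ONLY_FAIL]

    if ca_status == "failure":
        outcome = "blocked"
    elif ca_status == "success":
        outcome = "allowed"
    elif ca_status == "notApplied":
        outcome = "no policy in scope" if error == 0 else "failed outside CA"
    else:
        outcome = "unknown"

    hints = []
    if outcome == "blocked":
        for p in policies:
            if p.get("result") == "failure":
                hints.extend(_hints_for(p, device))
        if not blocking:
            hints.append("CA reports failure but no policy shows result=failure; re-check the record.")
    elif outcome == "failed outside CA":
        hints.append(f"Error {error} is not a CA block; look at status.failureReason and the "
                     "user's credential or MFA state instead of the policies.")
    elif outcome == "no policy in scope":
        hints.append("No policy targeted this sign-in; if a control was expected, check its "
                     "user/group, app and condition assignments.")
    return {"outcome": outcome, "error_code": error, "blocking_policies": blocking,
            "report_only_failures": report_only, "hints": hints}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_SIGNIN), indent=2))
```

The point of the split between `blocking_policies` and `report_only_failures` is the most common misread at Tier 1: a report-only policy showing `reportOnlyFailure` did not block anyone, and a `notApplied` result means the policy was out of scope, not that it failed. Only a `failure` result explains a block, and the device and MFA details on the record tell you whether the fix belongs with the endpoint (Intune compliance, registration) or the identity team (policy scoping) before anyone edits a policy.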