Security Operations Engineer

• The Senior Security Operations Engineer is responsible for architecting, implementing, configuring, administering, tuning, and operationally managing enterprise cybersecurity technologies within complex production environments.
• This role requires extensive hands-on technical experience supporting cyber operations and maintaining operational security platforms across on-premises, hybrid, and cloud infrastructures.

Key Responsibilities

Architect, deploy, configure, administer, and maintain enterprise security operations tools and technologies in production environments.

Manage and optimize Security Information and Event Management (SIEM) platforms including log ingestion, correlation rules, alert tuning, dashboard development, use-case creation, and operational monitoring.

Deploy, administer, and maintain Endpoint Detection and Response (EDR) solutions to support endpoint visibility, threat detection, containment, and remediation activities.

Configure and manage Intrusion Detection and Prevention Systems (IDS/IPS), network security monitoring tools, and threat detection technologies to identify and respond to malicious activity.

Administer vulnerability management platforms, conduct authenticated and unauthenticated vulnerability scans, validate remediation activities, and support enterprise vulnerability reduction initiatives.

Manage enterprise log management and security monitoring platforms, ensuring collection, normalization, retention, and analysis of security-relevant telemetry across servers, endpoints, applications, cloud platforms, and network devices.

Implement and support cloud security technologies across AWS, Azure, and/or Google Cloud environments, including cloud-native monitoring, workload protection, identity security, and compliance monitoring capabilities.

Perform hands-on system integration, tool deployment, platform upgrades, patching, troubleshooting, and operational maintenance activities for security technologies.

Develop detection engineering content including SIEM correlation rules, EDR detections, IOC-based alerts, behavioral analytics, and automated response workflows.

Support cyber operations activities including continuous monitoring, threat hunting, incident detection, containment, eradication, and recovery efforts.

Collaborate with infrastructure, network, cloud, and application teams to integrate security controls and improve enterprise security posture.

Create technical documentation, standard operating procedures, architecture diagrams, implementation guides, and operational runbooks.

Demonstrated hands-on experience implementing and operating enterprise cybersecurity tools in production environments.

Strong operational experience with technologies such as:

• SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar, ArcSight)
• EDR platforms (e.g., CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne)
• IDS/IPS technologies (e.g., Snort, Suricata, Palo Alto, Cisco Firepower)
• Vulnerability management tools (e.g., Tenable Nessus, Qualys, Rapid7)
• Log management and monitoring solutions
• SOAR and security automation platforms
• Cloud security platforms and native cloud security tooling

Since 2000, Tri-Force Consulting Services () has been an MBE/SDB certified IT Consulting firm in the Philadelphia region. Tri-Force specializes in IT staffing, software development (web and mobile apps), systems integration, data analytics, system automation, cybersecurity, and cloud technology solutions for government and commercial clients. Tri-Force works with clients to overcome obstacles such as increasing productivity, increasing efficiencies through automation, and lowering costs. Our clients benefit from our three distinguishing core values: integrity, diligence, and technological excellence. Tri-Force is a six-time winner among the fastest-growing companies in Philadelphia and a four-time winner on the Inc. 5000 list of the nation's fastest-growing companies.