Senior Security Operations Engineer

BizSolutions 360, Inc.
Washington, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 260K

Job location

Washington, United States of America

Tech stack

Microsoft Windows
Confluence
Azure
Microsoft Online Services
Cloud Computing
Cloud Computing Security
Cloud Engineering
Computer Security
Information Systems
System Configuration
Linux
Identity and Access Management
Intrusion Detection and Prevention
Intrusion Detection Systems
Virtual Private Networks (VPN)
Network Security
Linux Servers
Microsoft Security Essentials
Network Architecture
Parsing
Performance Tuning
Powershell
Remote Access Technology
Cloud Services
Runbook
SharePoint
Security Information and Event Management
Syslog
Systems Integration
Software Vulnerability Management
Workflow Management Systems
Data Logging
Snort (Software)
Computer Networking Systems
Intrusion Prevention Systems (IPS)
Data Ingestion
Firewalls (Computer Science)
Azure Security Center
Falcon Platform
Information Technology
Cisco Firewalls
Cybercrime
Palo Alto Networks
Nessus
Microsoft Sentinel
Fortinet
Cyber Warfare
Splunk
Network Server
SentinelOne Expertise
Cisco networks
Qualys
ServiceNow
Vulnerability Analysis
VMware

Job description

The Senior Security Operations Engineer will serve as B360's senior hands-on cyber operations and security engineering resource supporting NIGC's hybrid on-premises and Microsoft cloud environment. The position is responsible for architecting, implementing, configuring, tuning, maintaining, and operationally managing enterprise security operations tools and capabilities in a production federal environment. This role is not limited to analysis, governance, policy, compliance, or incident coordination; it requires direct technical ownership of deployed security tools, monitoring pipelines, logging, alerting, threat detection, endpoint protection, network security visibility, cloud security controls, and operational security documentation. Hands-on production experience with enterprise cyber operations tools is required, including SIEM, EDR, IDS/IPS, vulnerability management, log management, security monitoring, and cloud security technologies.

  • Security tool architecture and deployment: Architect, implement, configure, and maintain SIEM/log management integrations, Syslog collection, EDR, NDR, IDS/IPS, firewall security monitoring, Microsoft 365 security, Defender for Cloud, and CDM-related capabilities.
  • SIEM and log management: Configure log ingestion from servers, endpoints, cloud services, firewalls, VPN, identity platforms, and security tools; validate log completeness, retention, parsing, normalization, correlation, alert routing, and investigation support.
  • Endpoint and network detection: Administer and tune EDR/NDR policies, detection logic, response actions, exclusions, sensor health, endpoint coverage, alert severity mapping, and escalation paths.
  • Vulnerability and security posture operations: Support vulnerability scanning, risk prioritization, remediation tracking, POA&M support, patch-risk coordination, and validation that security controls remain operationally effective.
  • Cloud security operations: Configure and monitor Microsoft cloud security controls, including Microsoft 365 security capabilities, Defender for Cloud, Azure/Entra security telemetry, conditional access-related security signals, and cloud posture recommendations.
  • Detection engineering and automation: Develop detection and response configuration policies, improve alert automation, support SOAR-style workflows where available, reduce false positives, and strengthen actionable alerting.
  • Threat hunting and incident response: Monitor systems for suspicious activity, conduct recurring threat hunts, analyze aggregated logs, support incident response actions under the NIGC incident response plan, and develop/maintain incident handling procedures.
  • Operational documentation: Prepare and maintain cyber operations SOPs, daily/weekly monitoring procedures, escalation runbooks, tuning records, incident handling procedures, threat reports, security metrics, and security posture documentation.
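
The SIEM and log management duties above (ingest Syslog from several sources, normalize the events, and validate that every onboarded source is actually arriving and parsing) are the kind of check a SOC engineer automates. The following is an added example, not code from B360 or NIGC. It parses RFC 3164-style syslog lines, normalizes facility/severity and timestamps into a common schema, and reports expected sources that are silent or missing and sources nobody onboarded. All hostnames, addresses (RFC 5737 documentation ranges), log lines and the onboarded-host list are constructed sample data.

```python
"""Parse, normalize, and completeness-check syslog feeds from several sources.

Added example for SIEM/log management onboarding checks. Not B360/NIGC code.
All hostnames, addresses and log lines are constructed sample data.
"""
import re
from datetime import datetime, timedelta

# RFC 3164-style line: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample feed: two firewall auth events, one stale VPN event, one
# domain controller audit event, one host nobody onboarded, and one line in a
# format the RFC 3164 parser does not understand (web01 sends ISO timestamps).
SAMPLE_LINES = [
    "<34>Mar 10 14:01:02 fw-edge01 sshd[2212]: Failed password for root from 203.0.113.5 port 51822 ssh2",
    "<86>Mar 10 14:02:45 fw-edge01 sshd[2212]: Accepted publickey for ops from 198.51.100.7 port 40122 ssh2",
    "<13>Mar 10 13:20:11 vpn-gw01 openvpn[910]: TLS: Initial packet from [AF_INET]203.0.113.9:1194",
    "<30>Mar 10 14:03:00 dc01 kernel: audit: type=1100 pid=4411 uid=0 res=success",
    "<14>Mar 10 14:04:10 lab-test99 cron[77]: (root) CMD (/usr/bin/backup.sh)",
    "2024-03-10T14:04:30Z web01 nginx: 10.0.0.5 - GET /health",
]
# Hosts that are supposed to be onboarded into the SIEM (constructed list).
EXPECTED_HOSTS = {"fw-edge01", "vpn-gw01", "dc01", "web01"}


def parse_syslog(line, year):
    """Return a normalized event dict, or None if the line is not RFC 3164."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # PRI = facility (0-23) * 8 + severity (0-7)
        return None
    # RFC 3164 timestamps carry no year; the collector has to supply one.
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {
        "timestamp": ts,
        "host": m.group("host"),
        "facility": pri // 8,
        "severity": SEVERITY[pri % 8],
        "process": m.group("tag"),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "message": m.group("msg"),
    }


def normalize(lines, year):
    """Split a raw feed into normalized events and the lines that failed to parse."""
    events, rejected = [], []
    for line in lines:
        ev = parse_syslog(line, year)
        if ev is None:
            rejected.append(line)
        else:
            events.append(ev)
    return events, rejected


def check_completeness(events, expected_hosts, now, max_silence):
    """Flag expected sources that are silent or missing, and sources nobody onboarded."""
    last_seen = {}
    for ev in events:
        host = ev["host"]
        if host not in last_seen or ev["timestamp"] > last_seen[host]:
            last_seen[host] = ev["timestamp"]
    report = {"silent": {}, "never_seen": [], "unexpected": []}
    for host in sorted(expected_hosts):
        if host not in last_seen:
            report["never_seen"].append(host)
        elif now - last_seen[host] > max_silence:
            report["silent"][host] = last_seen[host]
    report["unexpected"] = sorted(set(last_seen) - set(expected_hosts))
    return report


def run_example(now=datetime(2024, 3, 10, 14, 5, 0), max_silence=timedelta(minutes=30)):
    """Run the sample feed through normalization and the completeness check."""
    events, rejected = normalize(SAMPLE_LINES, now.year)
    report = check_completeness(events, EXPECTED_HOSTS, now, max_silence)
    return events, rejected, report


if __name__ == "__main__":
    events, rejected, report = run_example()
    for ev in events:
        print(f"{ev['timestamp']:%Y-%m-%d %H:%M:%S} {ev['host']:<10} {ev['severity']:<7} "
              f"{ev['process']}: {ev['message']}")
    print("rejected lines:", len(rejected))
    print("silent sources:", {h: t.strftime("%H:%M:%S") for h, t in report["silent"].items()})
    print("never seen:", report["never_seen"])
    print("unexpected sources:", report["unexpected"])
```

Two things the sample feed is built to show: web01 is in fact sending, but because its lines do not parse it appears as a source that was never seen, so parse failures must be counted and reviewed alongside silence alerts rather than silently dropped; and lab-test99 shows up as an unexpected source, which is worth a ticket because logs from unmanaged hosts inflate ingestion cost and never get a detection rule. The year is passed in explicitly because RFC 3164 timestamps omit it, which is one of the normalization gaps a collector has to close before correlation across sources makes sense.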

Requirements

  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Information Technology, Network Engineering, Cloud Computing, or a closely related technical field preferred.
  • Industry-recognized certifications may supplement or substitute for formal education where permitted, but demonstrated hands-on performance of the required tasks is mandatory and cannot be substituted.
  • Preferred certifications: CISSP, CompTIA Security+, CySA+, CASP+/SecurityX, CCNA/CCNP Security, Microsoft Certified: Azure Security Engineer Associate, Microsoft Security Operations Analyst, Splunk, Sentinel, CrowdStrike, Palo Alto, Fortinet, Cisco security, Tenable/Nessus, or equivalent role-relevant certifications.

Professional Experience Requirements

  • Minimum 6 Years of senior-level cybersecurity operations, security engineering, SOC engineering, cloud security, network security, or equivalent production cyber operations experience.
  • Demonstrated hands-on experience architecting, deploying, configuring, administering, tuning, maintaining, and operationally managing security operations capabilities within live enterprise environments.
  • Hands-on experience supporting daily cyber operations, including security monitoring, log aggregation, alert tuning, incident triage support, threat hunting, operational metrics, detection engineering, and continuous monitoring.
  • Direct experience supporting hybrid environments that include on-premises network infrastructure, Microsoft cloud technologies, identity services, servers, endpoints, and remote access capabilities.
  • Experience applying NIST, FISMA, CISA directives, federal security policies, executive orders, binding operational directives, and CDM-related security expectations in operational security environments.
  • Security operations engineering; SOC tool administration; SIEM/log management; detection engineering; alert tuning; incident response support; continuous monitoring; threat hunting.
  • Hybrid security operations across Cisco networking/firewalls, Microsoft Azure, Microsoft 365, Entra ID, VPN, Windows/Linux servers, VMware, and endpoint environments.
  • Ability to configure operational controls and translate tool outputs into corrective action recommendations for the CISO, Privacy Officer, System Owner, and Federal Task Manager.
  • Strong technical writing skills for SOPs, runbooks, dashboards, security metrics, incident documentation, and executive-level threat reporting.

Tools / Software / Platforms

  • SIEM/log management: Microsoft Sentinel, Splunk, Elastic, Wazuh, Syslog, or equivalent.
  • Endpoint security / EDR: Microsoft Defender for Endpoint, SentinelOne, CrowdStrike, Carbon Black, or equivalent.
  • Network security / NDR / IDS/IPS: Cisco security tools, firewall logging, network detection and response platforms, Snort/Suricata/Security Onion, or equivalent.
  • Cloud security: Microsoft 365 security, Defender for Cloud, Azure security monitoring, Entra ID security signals, CDM tools, and cloud-native logging.
  • Vulnerability management: Tenable/Nessus/ACAS, Qualys, Defender Vulnerability Management, or equivalent.
  • Infrastructure and automation: Cisco firewall/networking, Windows/Linux, VMware, PowerShell, ServiceNow, ticketing/workflow tools, SharePoint/Confluence documentation repositories.
  • GAO Cost Estimating and Assessment Guide: 2 years (Preferred)
  • IT cost estimating: 5 years (Preferred)
