Security Operations Engineer in San Antonio

Energy Jobline
San Antonio, United States of America
9 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Remote
San Antonio, United States of America

Tech stack

JIRA
Network Analysis
Computer Security
Data Normalization
Issue Tracking Systems
Intrusion Detection and Prevention
Intrusion Detection Systems
Network Security
Packet Analyzer
Security Information and Event Management
Mitre Att&ck
Cyber Threat Analysis
Microsoft Sentinel
Data Management
Firepower
SentinelOne Expertise
Cisco networks

Job description

We are seeking an experienced Network Security Engineer for a hybrid contract opportunity in San Antonio, Texas.

  • Engineer, maintain, and tune SIEM platforms (Google SecOps, Gravwell), including correlation rules, dashboards, enrichment logic, and detection content.
  • Configure, tune, and optimize IDS/IPS technologies (Corelight, Tipping Point, Cisco Firepower), including signature development and false-positive reduction.
  • Perform packet capture (pcap) analysis to validate alerts, identify malicious traffic, and support investigations using Netwitness or Corelight.
  • Conduct network traffic analysis to detect anomalies, lateral movement, and command-and-control activity.
  • Strong understanding of network security architecture, including distributed sensors (Corelight), packet capture systems (NetWitness), and log pipelines (CRIBL, Gravwell, Google SecOps).
  • Operationalize threat intelligence feeds within SOC platforms and customers, converting indicators into detection logic, correlation rules, and automated enrichment workflows.
  • Continuously tune detection content based on intelligence-driven insights, improving alert fidelity and reducing false positives across statewide monitoring.
  • Develop and maintain orchestration playbooks within Cyware, integrating SIEM, EDR, threat intelligence, and ticketing systems to support statewide monitoring expansion and rapid incident handling.
  • Support SOC operations by providing detection engineering, log onboarding, and data normalization.
  • Develop and maintain network security monitoring infrastructure, including sensors, collectors, and log pipelines.
  • Collaborate with Incident Responders to provide network-level evidence, context, and threat validation.
  • Produce engineering reports, tuning documentation, and platform health assessments.
  • Implement detection logic aligned with MITRE ATT&CK, threat intelligence, and emerging adversary behaviors.
  • Produce engineering documentation, tuning reports, platform health assessments, and detection coverage maps using data from Firepower, TippingPoint, Corelight, NetWitness, Microsoft Sentinel, and Google SecOps

Candidate must be a U.S. , pass required background checks, complete required cybersecurity, privacy, and operational training before gaining system access, and comply with TXCC security and data-handling requirements. Occasional after-hours support may be required with TXCC approval. Work must be performed from within the United States unless TXCC grants prior written approval.

Requirements

  • 5 years of SOC operations experience
  • 5 years of Hands-on experience with IDS/IPS platforms, specifically Cisco Firepower and TippingPoint, including signature tuning, false-positive reduction, and threat-driven detection improvements.
  • 5 years of Advanced packet capture (pcap) and network analysis skills using Corelight, NetWitness, and CRIBL pipelines to identify anomalies, malicious traffic, and lateral movement.
  • 5 years of Experience maintaining and tuning EDR platforms, including CrowdStrike Falcon and SentinelOne, and integrating EDR telemetry into SIEM and orchestration workflows.
  • 5 years of Threat intelligence application expertise
  • 5 years of Develop detection logic aligned with adversary TTPs, * 5 years Experience operationalizing threat intelligence by converting indicators and TTPs from Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant into SIEM rules, IPS signatures, and automated enrichment logic.
  • 5 years Experience operationalizing threat intelligence by converting indicators and TTPs from Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant into SIEM rules, IPS signatures, and automated enrichment logic.
  • 5 years Perform packet-level analysis to validate alerts and identify malicious activity
  • 5 years Serves as an escalation SOC analysts to support other SOC analyst and incident responders with enriched network-level intelligence
  • 5 years Proficiency with Google SecOps and Cyware (SOAR) orchestration, including building automated workflows that integrate SIEM, IDS/IPS, EDR (CrowdStrike, SentinelOne), threat intelligence, and Jira ticketing for SOC automation
  • 4 years Security Certifications (CISSP, CEH, GISF, GSEC, CySA+, Sec+), Apply now if you're a clear communicator, problem solver, and ready to work in a hybrid environment in San Antonio, Texas!

Benefits & conditions

Sistema offers competitive pay and solid benefits, including medical, dental, and vision coverage. We keep things simple, focus on people, and prioritize long-term relationships with our clients and consultants.

Apply for this position