Senior Security Operations Engineer at Field Nation; leading security operations and incident response to enhance cybersecurity posture.
Responsibilities
Serve as the final escalation point for complex security incidents — leading containment, eradication, recovery, and post-incident review, and coordinating response across engineering, IT, legal, and leadership.
Perform digital forensics (disk, memory, network, and cloud) to determine root cause, support evidence preservation, and produce clear findings for technical and non-technical stakeholders.
Participate in a formal on-call rotation, serving as the primary responder for critical security incidents outside of business hours.
Own detection engineering: write and maintain SIEM correlation rules, develop behavioral analytics, and manage detection-as-code pipelines that keep pace with an evolving threat landscape.
Monitor and tune EDR, SIEM, and cloud-native security tooling (SentinelOne, Wiz Defend, AWS GuardDuty, DataDog) to maintain high-confidence detections and reduce alert fatigue.
Conduct proactive, hypothesis-driven threat hunts using MITRE ATT&CK, threat intelligence feeds, and behavioral analytics across endpoints, network, and cloud environments.
Build and maintain SOAR playbooks that automate high-volume, repetitive response workflows — reducing analyst toil and improving response consistency.
Identify and implement agentic workflows that accelerate security operations — building LLM-powered automation for alert triage, attack chain summarization, detection logic generation, and runbook drafting, with appropriate human-in-the-loop controls and output validation before any AI-generated security content is acted on.
Own detection and response coverage for AI-specific threats — building detection rules for AI application anomalies, prompt injection attempts, excessive agent permission use, and RAG pipeline abuse, mapped against the OWASP LLM Top 10 and MITRE ATLAS framework to identify and close detection coverage gaps.
Use AI coding assistants (Claude Code and GitHub Copilot) as force-multipliers in your daily workflow — drafting automation scripts, detection rules, and infrastructure code, while applying the same critical review to AI-generated output as you would to any peer pull request.
Maintain clear, rigorous documentation — incident reports, threat hunt findings, detection rationale, and runbooks — that builds organizational knowledge and supports audit readiness.
Requirements
Bachelor’s Degree in Computer Science, Cybersecurity, Information Systems, or related discipline, or equivalent experience.
Minimum of 5 years of experience in cybersecurity, with at least 3 years focused on security operations, incident response, or a SOC environment.
Hands-on depth with SIEM platforms — Splunk (SPL), Microsoft Sentinel (KQL), or equivalent — including building and tuning complex correlation rules, not just running queries.
Practical experience with EDR platforms (SentinelOne strongly preferred) and a solid understanding of endpoint telemetry, memory processes, and detection tuning across Windows, macOS, and Linux.
Proficiency in Python for scripting detection logic, automation workflows, and investigation tooling. PowerShell and Bash proficiency a plus.
Working knowledge of SOAR platforms (Splunk SOAR/Phantom, Cortex XSOAR, or similar) and demonstrated ability to build — not just execute — automated playbooks.
Solid grounding in AWS security services (GuardDuty, Security Hub, CloudTrail, IAM) and experience conducting investigations in cloud-native environments.
Deep familiarity with MITRE ATT&CK as a practical framework for threat hunting, detection coverage mapping, and adversary emulation — not just as a reference.
Experience performing digital forensics, including evidence collection, memory analysis, log correlation, and articulating findings in written and verbal post-incident reviews.
Relevant certifications valued: CISSP, GCIH, GCFA, GREM, OSCP, or cloud security credentials (AWS Security Specialty). Preferred but not required.
Creative problem solver who questions inherited processes and redesigns them for scale. You see alert fatigue as an engineering problem, not an analyst problem.
Proven ability to operate with urgency and clarity under pressure, lead cross-functional response without direct authority, and keep stakeholders informed without overwhelming them.
Familiarity with AI coding assistants (Claude Code, GitHub Copilot, or equivalent) as active workflow tools — directing them for complex tasks like automation scripting, detection drafting, and technical documentation, with the judgment to know when to trust the output and when to rewrite it.
Working familiarity with the OWASP LLM Top 10 and MITRE ATLAS framework as practical tools for threat modeling LLM-backed systems and identifying detection coverage gaps. Curiosity about agentic SOC automation valued over deep prior expertise.
Strong written and verbal communicator who translates complex threat scenarios into language that resonates with engineers, executives, and board members alike. You elevate the team around you through coaching and knowledge sharing.
Benefits
Field Nation LLC Performance Reward – Because every citizen of Field Nation deserves a stake in the win!
Festival Bonus – Celebrate the big festivals with some extra cheer (and cash!).
Referral Bonus – Incentives for successful employee referrals.
Gratuity – Honoring your long-term dedication.
Leave Encashment – Opportunity to encash unused annual leave balance at year-end.
Medical Insurance – Comprehensive health coverage for employees and their immediate family (spouse and children).
Gym Membership – Stay fit, active, and energized.
Complimentary Lunch / Dinner – Because good work needs good food.
Unlimited Tea & Coffee – Keep the energy flowing.
Transportation – Helping you get to work hassle-free.
Mobile Data Allowance – Allowances to ensure connectivity.
Career Development Budget – Dedicated funds for professional learning and growth.
Work Model: Hybrid (2 days in-office, 3 days remote per week) – balance is key.
Summer & Winter Field Weeks – Two annual team retreats to connect, collaborate, and recharge.
Quarterly Team Outing Budget – Enjoy exciting activities and quality time with your team to bond, relax and celebrate together.
Occasional Gifts – Surprises and gifts to celebrate milestones & welcome new faces.
Maternity Leave
Paternity Leave
Hajj/Umrah Leave
Paid Time Off – Take the time you need! Covers annual, casual, and sick leave so you can recharge and come back ready to shine.