Staff Security Engineer

Please login or register as jobseeker to apply for this job.

TYPE OF WORK

Full Time

SALARY

$2,000 – $3,500 per month (USD)

HOURS PER WEEK

40

DATE UPDATED

Jul 10, 2026

JOB OVERVIEW

OVERVIEW

The number one goal of everyone on our team is to deliver an exceptional service and experience to our clients. The Staff Security Engineer plays a critical role in achieving that by leading the technical security work that keeps our clients protected, and proving that protection every day.

This is the most senior individual-contributor role on the security team. The Staff Security Engineer sets technical direction for detection, response, and hardening, builds and tunes the tooling our SOC relies on, and leads investigations when something serious happens.

We believe identity is the first line of defense, and this role owns much of that thesis in practice: strong detections, fast response, and continuous hardening across identity, endpoint, network, and email.

Beyond hands-on engineering, this role mentors junior SOC analysts, develops the procedures the team runs on, and supports the compliance and reporting work that demonstrates security value to clients and auditors.

RESPONSIBILITIES & TASKS

DETECTION & SECURITY ENGINEERING
- Build, tune, and maintain detections across the security stack to catch real threats and reduce noise
- Own the configuration and health of SOC tooling spanning EDR, application control, endpoint hardening, identity, and network security
- Develop and maintain detection logic, alerting rules, and automated response actions
- Lead threat hunting across client environments to find what automated detections miss
- Drive continuous hardening across identity (Okta, Beyond Identity, Entra ID), endpoint (CrowdStrike, ThreatLocker, Senteon), and network (Cato Networks, FortiGate, Island Enterprise Browser)

I ---------- RESPONSE
- Serve as the senior technical lead during security i ---------- and investigations
- Lead containment, eradication, and recovery for confirmed compromises
- Conduct root-cause analysis and produce clear post-i ---------- findings
- Translate i ---------- lessons into improved detections and procedures

VULNERABILITY & POSTURE MANAGEMENT
- Lead the vulnerability management program: scanning, prioritization, and remediation tracking
- Assess client environments against recognized frameworks (NIST, CIS) and identify gaps
- Leverage GRC tooling (Vanta, Drata) to track posture, manage evidence, and support compliance programs
- Recommend and help implement security improvements that measurably reduce risk

SOC PROCEDURES & DOCUMENTATION
- Develop and maintain SOC runbooks and investigation procedures
- Document detections, response steps, and tooling configuration in the team's documentation systems
- Ensure all investigations and actions are accurately tracked in Pylon
- Build repeatable, teachable processes so the team responds consistently

COMPLIANCE & REPORTING
Support compliance and evidence work using Vanta and Drata (frameworks, attestations, cyber insurance requirements)
Contribute security data and narrative to client reporting and business reviews
Help translate technical security posture into business-level risk language

COMMUNICATION, REPORTING & RISK MANAGEMENT
- Identify and proactively communicate security risks and gaps
- Escalate significant findings and i ---------- to the CISO / vCISO
- Provide clear updates during active investigations
- Ensure alignment between security work and client risk priorities

TEAMWORK & LEADERSHIP
- Mentor and coach junior SOC analysts on investigation and detection skills
- Set the technical standard for quality and rigor on the security team
- Follow and contribute to Standard Operating Procedures (SOPs)
- Contribute to innovation and continuous improvement initiatives

SKILLS AND ATTRIBUTES

REQUIRED
- Strong hands-on experience in security operations, detection engineering, or i ---------- respons
- Deep identity security experience: Okta, Beyond Identity, Entra ID, Conditional Access, token and session attack patterns
- Hands-on experience with enterprise EDR (CrowdStrike or equivalent) and endpoint investigation
- Experience with application control and endpoint hardening (ThreatLocker, Senteon, or equivalent)
- Working knowledge of SASE/SD-WAN and network security tooling (Cato Networks, FortiGate)
- Multi-platform device management experience (NinjaOne, Addigy, Intune, Apple Business Manager
- Experience with GRC and compliance platforms (Vanta, Drata, or equivalent)
- I ---------- response experience across identity, endpoint, and network
- Vulnerability management and hardening experience
- Working knowledge of frameworks such as NIST CSF and CIS Controls
- Scripting and automation experience (PowerShell preferred)
- Excellent communication skills, including writing clear findings for non-technical audiences
- A deep desire to deliver an exceptional client experience

NICE TO HAVE
- Experience working in a Managed Service Provider (MSP) or MSSP environment
- Hands-on experience with tools in our stack (CrowdStrike Flight Control, ThreatLocker, Senteon, Okta, Beyond Identity, Cato - Networks, Island Enterprise Browser, Vanta, Drata)
- Certifications such as:
- Security (Security+, CySA+, GCIH, GCIA, or equivalent)
- Microsoft security (SC-200, SC-300, AZ-500)
- Identity / IAM (Okta certifications or equivalent)
- CrowdStrike certifications (CCFA, CCFR, or similar)
- Experience contributing to compliance programs or audits
- Experience with, or a strong interest in, working on LLM-based (Large Language Model) projects, including evaluating, implementing, or integrating AI-driven solutions such as automation workflows, data analysis, knowledge retrieval, and conversational systems into business or technical environments.

Note: When reaching out, please include your CV and your DISC assessment. Thanks!

VIEW OTHER JOB POSTS FROM:
SHARE THIS POST
facebook linkedin
  BENCHMARKS  
Loading Time: Base Classes  0.0008
Controller Execution Time ( Jobseekers / Job )  0.0233
Total Execution Time  0.0247
  GET DATA  
No GET data exists
  MEMORY USAGE  
1,515,256 bytes
  POST DATA  
No POST data exists
  URI STRING  
jobseekers/job/Staff-Security-Engineer-1672416
  CLASS/METHOD  
jobseekers/job
  DATABASE:  onlinejobs (Jobseekers:$db)   QUERIES: 13 (0.0159 seconds)  (Hide)
0.0009   SELECT *
                                
FROM exrates
                                WHERE rate_name 
'USD-PHP' 
0.0009   SELECT *
FROM `employer_jobs`
WHERE `job_id` = 1672416
 LIMIT 1 
0.0010   SELECT *
FROM `employers`
WHERE `employer_id` = 898029
 LIMIT 1 
0.0020   SELECT COUNT(*) AS `numrows`
FROM `t_thread` `t`
LEFT JOIN `t_thread_misc` `miscON `t`.`id` = `misc`.`thread_id`
WHERE `t`.`job_id` = 1672416
AND `misc`.`idIS NULL 
0.0011   SELECT e.business_namee.logoe.websitee.rebill_datee.date_added member_datehitsDATEDIFF('2026-07-13',ej.date_added) duration_daysDATEDIFF('2026-07-13',e.rebill_date) duration_rebillej.*, e.deactivate FROM employers eemployer_jobs ej WHERE e.employer_id ej.employer_id AND
                                   ((
e.user_level >= '500' AND ej.date_added <= e.rebill_date)
                                   OR 
e.employer_id '' OR (ej.date_approved <> '2000-01-01' and DATEDIFF('2026-07-13',ej.date_added) <= 14 ))
                                   AND 
e.deactivate != AND ej.deleted AND job_id '1672416' 
0.0012   SELECT *
FROM `employer_jobs_skills` `ejs`
LEFT JOIN `skills_categories` `scON `ejs`.`skill_id` = `sc`.`id`
WHERE `job_id` = 1672416 
0.0021   UPDATE employer_jobs SET hit_counts '***Jun-19-2026=386***Jun-20-2026=45***Jun-21-2026=19***Jun-22-2026=35***Jun-23-2026=38***Jun-24-2026=21***Jun-25-2026=8***Jun-26-2026=7***Jun-27-2026=6***Jun-28-2026=11***Jun-29-2026=17***Jun-30-2026=13***Jul-01-2026=172***Jul-02-2026=46***Jul-03-2026=34***Jul-04-2026=12***Jul-05-2026=13***Jul-06-2026=10***Jul-07-2026=20***Jul-08-2026=14***Jul-09-2026=9***Jul-10-2026=247***Jul-11-2026=40***Jul-13-2026=1' WHERE job_id'1672416'  
0.0011   UPDATE employer_jobs SET monthly_hits '***Jun-2026=606***Jul-2026=617' WHERE job_id'1672416'  
0.0013   SELECT date_sent FROM jobseeker_sent_emails WHERE jobseeker_id '' AND job_id '1672416' AND status LIKE 'sent%' ORDER BY id DESC  
0.0008   SELECT *
FROM `employer_jobs_skills` `ejs`
LEFT JOIN `skills_categories` `scON `ejs`.`skill_id` = `sc`.`id`
WHERE `job_id` = 1672416 
0.0017   SELECT COUNT(*) AS `numrows`
FROM `employer_jobs`
WHERE `employer_id` = '898029'
AND `date_added` >= '2022-06-08' 
0.0009   select from teasers 
0.0008   SELECT FROM skill_categories WHERE skill_cat_id='' 
  HTTP HEADERS  (Show)
  SESSION DATA  (Show)
  CONFIG VARIABLES  (Show)