WithMiraBuscador de vagas remotas de TI
RT²

Security Engineer

Vaga remota de Security Operations com fit claro de localização do candidato.

Publicada8 de jun. de 2026
Países elegíveis1 país aceito
Sinal de senioridadeMiddle
Modelo de trabalhoRemoto
Locais aceitos para candidatos
Estados Unidos
AzurePython
Resumo da vaga

Security Engineer

Requisitos e responsabilidades

Conteúdo da vaga extraído em seções para revisão mais rápida.

Security Operations & Monitoring

  • Monitor and triage alerts across Microsoft Defender, Sentinel, Huntress/MDR, Wiz, Datadog, Jira, and Slack channels.
  • Validate alert severity, business impact, affected assets, containment status, and escalation requirements.
  • Coordinate security events from initial triage through containment, documentation, closure, and post-incident follow-up.
  • Support daily dashboard review, security ticket queues, alert quality checks, and operational reporting.

Detection Engineering & Tuning

  • Develop, tune, and maintain detection logic in Huntress, Defender, KQL, and related tools.
  • Reduce false positives and alert noise by reviewing recurring detections, suppression logic, enrichment opportunities, and escalation criteria.
  • Help build and improve alert runbooks, investigation workflows, and playbooks for phishing, malware, suspicious sign-ins, cloud exposure, endpoint events, and account compromise.
  • Support basic SOAR/automation efforts using Logic Apps, playbooks, webhooks, or other workflow tools.

Incident Response & Production Security

  • Assist with incident response for endpoint, identity, cloud, email, and suspicious activity events.
  • Coordinate containment actions such as endpoint isolation, identity reset, access revocation, escalation to Tier 2/Tier 3 SOC, and follow-up remediation.
  • Maintain incident timelines, evidence, RCA notes, lessons learned, and closure documentation.
  • Help ensure P1/P2 incidents have clear communication, structured Slack threads, linked Jira tickets, and documented executive summaries when needed.

Cloud, Identity & Endpoint Security

  • Support security operations across Microsoft Defender, Microsoft Entra ID, Microsoft 365, Azure, endpoint protection, and cloud risk tools.
  • Help review suspicious sign-ins, MFA/SSO issues, risky users, privileged account activity, and access control gaps.
  • Assist with cloud exposure triage from Wiz or similar tools, including severity validation, ticket routing, and remediation tracking.
  • Support least-privilege reviews, conditional access validation, endpoint security posture, and security control checks.

Production Readiness & Change Support

  • Support the Day 0 / Day 1 / Day 2 operating model by helping confirm that new systems and changes are ready for production from a security operations perspective.
  • Review or help prepare monitoring requirements, alert runbooks, support escalation paths, rollback considerations, security validation evidence, and operational handoff materials.
  • Work with architecture, engineering, and operations teams to ensure production changes are documented, traceable, and supportable.
  • Help maintain CMDB/Jira asset relationships, monitoring links, runbook references, and security control mappings where needed. Realtime’s configuration management materials specifically call out CMDB accuracy, monitoring coverage, alert routing, runbook linkage, support RACI, SLA/SLO mapping, and operational acceptance as part of Day 2 readiness.
  • Documentation, Metrics & Continuous Improvement
  • Create and maintain security runbooks, knowledge base articles, investigation guides, escalation procedures, and incident templates.
  • Track and report operational metrics such as alert volume, false positives, SLA breaches, time to acknowledge, time to isolate, time to contain, and closure quality.
  • Identify recurring issues and recommend improvements to detections, workflows, tooling, dashboards, and team processes.
  • Help mentor the Junior Analyst by reviewing tickets, improving triage quality, and sharing investigation techniques.

Required Qualifications

  • 3–5 years of experience in SOC operations, security operations, production support, security engineering, or a similar hands-on cybersecurity role.
  • Experience with Microsoft security tools such as Microsoft Defender, Microsoft Sentinel, Microsoft Entra ID, Microsoft 365 security, or Azure security services.
  • Ability to investigate alerts using SIEM/EDR data, KQL, logs, endpoint telemetry, identity logs, and cloud signals.
  • Experience with incident triage, phishing investigations, malware alerts, suspicious sign-ins, endpoint events, and escalation workflows.
  • Basic understanding of cloud security, identity security, MFA, SSO, conditional access, endpoint protection, and vulnerability/cloud exposure management.
  • Ability to write clear documentation, incident notes, runbooks, ticket updates, and executive-ready summaries.
  • Comfortable working in a small team where priorities change, and the person may need to support operations, engineering, documentation, and coordination.
  • Strong communication skills and ability to work across Slack, Jira, Teams, security tools, managed SOC providers, engineers, and business stakeholders.

Preferred Qualifications:

  • Experience with Identity management, Defender, KQL, Logic Apps, SOAR/playbook automation, or detection tuning.
  • Experience with tools such as Huntress, Wiz, Datadog, Jira Service Management, Slack, OpenIAM
  • Security+, Microsoft SC-200, CySA+, GCIH, Microsoft AZ-500, CCSP, CISSP, or similar certifications.
  • Exposure to ITIL, change management, ARB/CAB processes, CMDB, production readiness, or operational handoff.
  • Basic scripting or automation experience with PowerShell, Python, Logic Apps, APIs, or workflow automation.
  • Experience working in an MSSP, MDR, SOC, or 24/7 operations environment.

What We Offer:

  • A unique opportunity to shape the journey of realtime

What We Offer:

  • Working within a rapidly growing, game-changing business

What We Offer:

  • Remote, flexible working options

What We Offer:

  • Competitive compensation

What We Offer:

  • Generous STI and LTI provisions

What We Offer:

  • Health, Dental and Vision Insurance

What We Offer:

  • Paid Annual Leave

What We Offer:

  • Paid Sick Leave

What We Offer:

  • 401K, and more
Vagas similares

Mantenha uma lista reserva.

Ver stack
Azure, Python 8 países aceitos
Senior DevOps EngineerFionet
4 de jun. de 2026 Aplicação pelo WithMira
Ver vaga
Azure USA
Staff Backend Engineer- Session Replay| USA| RemoteGrafana Labs
Adicionada recentemente Aplicação no site da empresa
Ver vaga
Azure USA
Staff Backend Engineer- Session Replay| Canada| RemoteGrafana Labs
Adicionada recentemente Aplicação no site da empresa
Ver vaga
Python 5 países aceitos
Senior Full Stack EngineerOpsvis
9 de jun. de 2026 Aplicação pelo WithMira
Ver vaga
FocoSecurity OperationsÁrea da vaga
Sinal de senioridadeMiddleNível do candidato
StackAzure, PythonSkills principais
Localização1 país aceitoElegibilidade

Stack

Use estas tags para comparar vagas remotas similares.

AzurePython

Elegibilidade de localização

Candidatos devem aplicar apenas quando o país do perfil estiver listado aqui.

Seu perfilPaís não definidoEntre para comparar seu país com esta vaga.
Estados Unidos

Fluxo de contratação

O WithMira mostra a vaga e depois envia candidatos para a aplicação da empresa.

1Confira fit da vaga, stack e elegibilidade de localização no WithMira.
2Abra a página de aplicação da empresa pelo link rastreado.
3Salve a vaga ou assine oportunidades similares antes de sair.
Mais vagas abertas para Estados UnidosMais vagas de AzureMais vagas de Python
Aplicar no site da empresaSite da empresaAbrir link