Senior / Lead Defensive Security Engineer (Remote)

Aplazo
Remote · Posted 27 March 2026

Job Description

Senior / Lead Defensive Security Engineer (Remote)

About the Role

We're looking for a Senior or Lead Security Engineer focused on Defensive Security (Blue Team / SOC) to own our security detection, monitoring, and incident response capabilities across infrastructure, cloud environments, and corporate systems. This role focuses on threat detection engineering, incident response, threat hunting, and security monitoring, with direct responsibility for supporting ISO/IEC 27001 and PCI DSS requirements for logging, monitoring, and incident management.

At E2, you independently execute detection and incident response activities, build detection content, and operate SIEM/SOAR platforms. At E3, you act as a technical leader for Blue Team and SOC capabilities, setting detection strategy, defining response metrics, and mentoring others on incident response and threat hunting.

What You'll Do

- Own detection & response posture — Design, implement, and continuously improve detection and monitoring capabilities across cloud, endpoints, and networks
- Lead incident response — Handle security incidents end-to-end: triage, containment, eradication, recovery, forensics, and post-incident reviews
- Build detection engineering capabilities — Create, tune, and maintain SIEM correlation rules, alerts, and automated response workflows (SOAR)
- Threat hunting & intelligence — Perform advanced threat hunting and operationalize threat intelligence platforms and external feeds
- Develop detection content — Maintain detection artifacts, including YARA rules, signatures, and behavioral detections aligned with MITRE ATT&CK
- Define security metrics — Track and improve SOC and IR KPIs (MTTD, MTTR, alert fidelity, false positives) and build dashboards for visibility
- Support compliance — Review, validate, and provide evidence for ISO/IEC 27001 and PCI DSS controls related to logging, monitoring, and incident response
- Improve visibility — Ensure proper logging, telemetry, and signal quality across AWS, operating systems, and network layers
- Post-incident improvement — Lead post-mortems and continuously improve detection, response playbooks, and procedures
- Mentor and guide — Coach engineers and security team members on incident response, detection engineering, and threat hunting best practices
- Detect and respond to exploitation attempts related to common web application risks (OWASP Top 10) using logs, alerts, and incident analysis

What We're Looking For

Technical

- 3+ years in Blue Team, SOC, or Incident Response roles (5+ years for E3)
- Strong experience with SIEM and SOAR tools (rule creation, tuning, automation)
- Proven experience in incident response operations and security monitoring
- Experience with threat intelligence platforms and threat feeds, and their use in detection and response
- Strong experience performing advanced threat hunting techniques
- Hands-on experience creating and maintaining detection content, including YARA rules
- Ability to define and measure security and incident response metrics
- Experience building security dashboards for SOC and IR visibility
- Solid understanding of logging pipelines, telemetry, and event analysis
- Familiarity with MITRE ATT&CK and attacker techniques
- Experience supporting PCI DSS and ISO/IEC 27001 controls related to monitoring, logging, and incident response
- Cloud security fundamentals (AWS preferred: CloudTrail, GuardDuty, Security Hub, IAM logging)
- Scripting skills for automation (Python, Bash)

AI Fluency

- Uses AI tools for log analysis, threat detection, and incident response automation
- Understands AI-related security risks (data leakage, model abuse, misuse of AI tools)
- Applies AI to accelerate threat hunting and incident analysis
- Stays current on emerging AI security threats relevant to SOC operations

Leadership & Communication

- Experience communicating incidents, risks, and metrics to technical and non-technical stakeholders
- Comforta ...
(truncated, view full listing at source)