Senior Security Operations Engineer at Dispel | Torre
Senior Security Operations Engineer

You'll mature critical SOC operations, protecting vital infrastructure with cutting-edge cybersecurity.
Full-time

Legal agreement: Employment

Compensation
USD136k - 155k/year
Remote (for United States residents)
Shared by
Emma of Torre.ai
about 2 months ago

Requirements and responsibilities


Location: Remote (US-based)

About Dispel:

Dispel is the fastest-growing cybersecurity company recognized in the 2025 Cybersecurity Excellence Awards. We deliver zero trust secure remote access and real-time data streaming for operational technology (OT) and industrial control systems (ICS). Our patented Moving Target Defense technology — referenced in NIST 800-172 — protects critical infrastructure for utilities serving 54 million+ people, manufacturers producing over 50% of US baby formula, and major defense contracts including a $950M IDIQ with the US Air Force.

Why This Role Exists:

Dispel is pursuing FedRAMP High authorization while simultaneously operating a commercial security program. We have a functioning SOC built on Google SecOps (Chronicle) and SentinelOne, but we need a senior IC who can take it from "stood up" to "operationally mature." You'll own the log ingestion pipeline end-to-end and drive material expansion of coverage across federal and commercial environments, including AWS, Azure, and Entra ID.

This person will be the day-to-day technical owner of SOC operations, responsible for closing coverage gaps, building detections, maturing incident response, and providing senior technical direction to the existing SOC analyst. This is a hands-on-keyboard role with leadership expectations — you will not formally manage people, but you will set priorities, review deliverables, and drive execution across the SOC function.

Requirements

Key Responsibilities:

SIEM/SOAR Operations (Google SecOps)
- Own the log ingestion pipeline end-to-end: identify gaps, build feeds, validate parsing, maintain coverage dashboards
- Close the federal logging gap and stand up commercial logging across AWS, Azure, Entra ID, and SaaS
- Activate and configure SecOps SOAR capabilities including Domain-Wide Delegation, marketplace integrations, and bidirectional response actions
- Build and maintain SOAR playbooks for major incident types such as phishing, malware, account compromise, lateral movement, and cloud-specific threats
- Develop and maintain operational dashboards for SOC metrics, alert volumes, MTTA/MTTR, and coverage status
- Manage Google SecOps RBAC

Detection Engineering
- Build and deploy production detection rules mapped to MITRE ATT&CK within the first year
- Develop custom parsers for AWS-native security services including GuardDuty, Security Hub, Inspector, WAF, CloudTrail, and VPC Flow Logs
- Establish a detection lifecycle including proposal, testing, deployment, tuning, and retirement
- Conduct quarterly detection quality reviews to measure false positive rates, coverage gaps, and rule health
- Develop alert threshold optimization to reduce noise and analyst fatigue

Endpoint Detection and Response (SentinelOne)
- Drive SentinelOne deployment across Azure VMs in commercial environments and all federal endpoints
- Configure and operationalize Cloud Funnel for log export into Google SecOps
- Build correlation rules between EDR alerts and SIEM detections
- Manage SentinelOne RBAC groups and policy configuration
- Coordinate with IT on agent deployment, health monitoring, and version management

Incident Response
- Serve as senior escalation point for SOC incidents, ensuring investigations are thorough and reports include root cause, remediation actions, credential rotation plans, and follow-up timelines
- Improve MTTA and MTTR through process optimization, better tooling, and analyst development
- Lead quarterly tabletop exercises and after-action reviews
- Maintain and improve incident response runbooks for all major incident categories
- Integrate incident response workflows with Jira Service Management for tracking and escalation

Vulnerability Management
- Operationalize monthly scanning cadence across all environments using tools such as Nessus, AWS Inspector, and Azure Defender
- Define and enforce remediation SLAs by severity: Critical within 72 hours, High within 7 days, Medium within 30 days
- Build consolidated vulnerability dashboards in Google SecOps
- Track SLA compliance and report metrics to the CISO
- Coordinate remediation with engineering and infrastructure teams

MSSP Oversight
- Serve as primary technical interface with MSSP partner for 24/7 SOC coverage
- Define and hold the MSSP accountable to SLAs, alert quality, and escalation procedures
- Review MSSP deliverables such as dashboards, reports, and playbooks for quality and completeness
- Manage the transition from the previous MSSP and ensure no coverage gaps

SOC Team Technical Leadership
- Provide day-to-day technical direction to SOC analysts by setting priorities, assigning tasks, and reviewing work products
- Ensure incident response reports, playbooks, and dashboards meet quality standards before delivery to leadership or external stakeholders
- Drive OKR execution for SOC-related objectives including logging coverage, detection counts, incident response metrics, and vulnerability SLA compliance
- Identify skill gaps and development opportunities for junior analysts
- Establish and enforce SOC processes that are documented, repeatable, and auditable

Required Qualifications:
- 6+ years of experience in security operations, detection engineering, or SIEM/SOAR engineering
- Hands-on experience with Google SecOps (Chronicle) or equivalent enterprise SIEM such as Splunk, Sentinel, or QRadar, with Chronicle strongly preferred
- Production experience with SentinelOne, CrowdStrike, or a comparable EDR platform
- Deep knowledge of AWS security services including GuardDuty, Security Hub, Inspector, CloudTrail, WAF, and Config
- Experience building detection rules mapped to the MITRE ATT&CK framework
- SOAR playbook development and automation experience
- Demonstrated ability to lead without formal authority by setting direction for peers or junior analysts
- Strong incident response skills with experience writing complete reports for executive and external audiences
- Understanding of NIST 800-53 controls, particularly Audit, System Integrity, and Incident Response families
- Excellent written communication skills

Preferred Qualifications:
- Experience with Google SecOps (Chronicle), SentinelOne, or similar SIEM/SOAR platforms; certifications are a plus
- Experience working in a FedRAMP High environment such as AWS GovCloud
- Azure security experience including Defender for Cloud, Entra ID, Log Analytics, and Event Hubs
- Experience managing MSSP relationships and enforcing SLAs
- Background in OT/ICS security monitoring
- Experience with vulnerability management tools such as Nessus, Inspector, or Defender
- Previous experience in a startup or high-growth environment building SOC capabilities from early stages

Certifications (Preferred, not required):
- GCIA, GCIH, GSOM, or other GIAC blue team certifications
- Google Chronicle or SecOps certifications
- AWS Security Specialty
- CISSP or CISM
- Detection engineering certifications such as SANS SEC555 or SEC511

Benefits

What We Offer:
- 136K-155K base + equity and performance bonus eligible, depending on experience and location
- Full medical, vision, and dental insurance
- Generous PTO
- Remote-first culture with flexible hours
- Opportunity to protect critical infrastructure at scale
- Work with patented, cutting-edge security technology
- Direct ownership of SOC maturation
- Collaborative team with military, federal, and private sector expertise

Security Clearance
- Due to federal customer and FedRAMP requirements, this role requires US Person status (citizen or permanent resident) under ITAR/EAR regulations.
- Ability to obtain and maintain a security clearance preferred