Senior Security Engineer
Job
Pacific West Site Services, Inc.
McClellan Park, CA (In Person)
$115,000 Salary, Full-Time
Job Description
Title: Senior Security Engineer
Job Overview
The Senior Security Engineer, Modern SecOps is a highly skilled professional who plays a critical role in advancing and maturing SBM's enterprise security operations program. This is a senior-level individual contributor role intended for an experienced security professional who brings deep technical ability, strong operational judgment, and the ability to influence security outcomes across complex, hybrid environments.

This role will serve as a technical authority within Security Operations, responsible for the design, implementation, optimization, and effectiveness of a modern security operations platform that combines Microsoft-native security capabilities with select open-source security tooling, aligned to operational needs and cost efficiency. Primary emphasis will be placed on Microsoft Defender XDR, Microsoft Sentinel (SIEM/SOAR), Purview, and Intune, while also contributing to the evaluation, deployment, and operation of open-source security tools to augment visibility, detection, and response where appropriate.

Roles & Responsibilities
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Other duties may be assigned.

Security Operations Leadership
- Act as a senior technical leader within Security Operations, providing expertise and direction on detection, investigation, and response practices.
- Own and continuously improve incident response workflows, escalation paths, and operational processes across Microsoft and open-source security platforms.
- Serve as a senior escalation point for complex or high-impact security incidents.
- Help define operational standards, metrics, and maturity goals for a modern SOC.

SIEM, SOAR & Detection Engineering
- Architect, build, and maintain SIEM and SOAR capabilities using modern SecOps tools such as Microsoft Sentinel, Wazuh, and a combination of complementary tooling.
- Design and tune analytics rules, automation playbooks, and incident workflows to improve detection fidelity and response speed.
- Lead ongoing efforts to reduce alert fatigue, false positives, and redundant signals through structured, data-driven tuning.
- Ensure detections are reliable, maintainable, and aligned with real-world threat activity.

Threat Hunting & Advanced Analysis
- Lead and perform proactive threat hunting across endpoint, identity, email, cloud, network, and log-based telemetry.
- Develop and maintain advanced KQL queries for hunting, investigations, and detection engineering.
- Leverage open-source telemetry and detections to supplement Microsoft security signals where appropriate.
- Translate threat intelligence and emerging attacker techniques into actionable detections and response improvements.
- Align threat hunting and detections with frameworks such as MITRE ATT&CK.

Security Architecture & Platform Strategy
- Provide hands-on security architecture guidance across endpoints, identity, email, cloud, network, and logging domains.
- Partner with infrastructure, cloud, identity, and application teams to ensure secure-by-design implementations.
- Drive thoughtful tool consolidation, prioritizing Microsoft E5 capabilities while integrating open-source solutions where they add measurable value.

Open-Source Security Tooling
- Evaluate, deploy, and operate open-source security tools to enhance detection, visibility, or response capabilities.
- Contribute to the implementation and operationalization of SIEM/SOAR for host-based detection, log analysis, and security monitoring.
- Integrate open-source tooling with Microsoft Sentinel and Defender to create a unified investigation and response workflow.
- Assess tradeoffs between open-source and commercial solutions, including maintainability, scalability, and operational overhead.

Automation & Engineering
- Design and implement security automation using Sentinel SOAR playbooks, APIs, and scripting.
- Integrate security tooling with IT systems, workflows, and notification platforms to improve operational efficiency.

Microsoft Security Platform Expertise
- Act as a subject matter expert for:
  - Microsoft Defender XDR (Endpoint, Identity, Office 365, Cloud Apps)
  - Microsoft Sentinel (SIEM/SOAR)
  - Microsoft Purview (DLP, information protection, insider risk)
  - Microsoft Intune (endpoint security posture and controls)
- Ensure platforms are configured according to best practices and continuously optimized as capabilities evolve.

AI & Emerging Capabilities
- Evaluate and responsibly adopt AI-assisted security capabilities, including Microsoft Security Copilot and related technologies.
- Identify opportunities where AI can improve investigation quality, response consistency, and analyst effectiveness.

Collaboration & Mentorship
- Collaborate closely with IT operations, cloud engineering, identity, and application teams.
- Provide mentorship and technical guidance to junior and mid-level security staff.
- Clearly communicate security risks, findings, and recommendations to both technical and non-technical stakeholders.

Key Performance Indicators (KPIs) - 3/2026
- Improve security incident detection and response effectiveness, demonstrated by reduced mean time to detect (MTTD) and mean time to respond (MTTR), and consistent execution of documented incident response workflows. Measured through quarterly meetings and yearly review.
- Increase detection quality and signal fidelity by reducing false positives and alert fatigue, while expanding high-confidence detections aligned to real-world threats and the MITRE ATT&CK framework. Measured through weekly meetings and yearly review.
- Advance SecOps automation and operational efficiency through the implementation and optimization of SOAR playbooks and scripting that reduce manual investigation effort and improve response consistency. Measured through monthly meetings and yearly review.
- Strengthen security architecture and tooling strategy by optimizing Microsoft E5 security capabilities, integrating open-source tools where they provide measurable value, and contributing to long-term SecOps platform decisions. Measured through yearly review.
- Provide senior-level technical leadership and influence, including mentoring security staff, collaborating with IT and engineering teams, and clearly communicating security risks and recommendations to technical and non-technical stakeholders. Measured through yearly review.

Qualification
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Other duties, responsibilities and activities may change or be assigned at any time with or without notice.

Education and/or Experience
- 10+ years of experience in cybersecurity, security engineering, or security operations roles.
- Demonstrated senior-level experience operating and evolving SIEM and SOC environments.
- Deep hands-on experience with Microsoft Sentinel and Microsoft Defender XDR.
- Experience developing automation or tooling using Python, PowerShell, or similar languages.
- Proven ability to operate autonomously, make sound technical decisions, and own outcomes end-to-end.
- Strong experience with Microsoft Entra ID, including Entra roles and administrators, Conditional Access policies, Entra MFA, and Entra enterprise application security.
- Strong experience with SOAR automation, detection engineering, and alert tuning.
- Experience operating within a Microsoft E5-first security strategy.
- Hands-on experience with Microsoft Purview, including DLP, data classification, information protection, and insider risk.
- Familiarity with Microsoft Intune security and endpoint posture management.
- Experience integrating open-source telemetry into enterprise SIEM or SOC workflows.
- Experience with threat intelligence, malware analysis, or security research.
- Experience evaluating or leveraging AI-assisted security tools, including Microsoft Security Copilot.
- Experience deploying, managing, or integrating open-source security tools such as Wazuh, Suricata, Zeek, OpenVAS, TheHive, etc., and open-source SIEM, HIDS, or log analysis platforms.

Licenses and Certifications
Relevant certifications such as SC-200, SC-100, AZ-500, CISSP, or equivalent.

Knowledge, Skills, and Abilities
- Advanced proficiency in KQL.
- Solid understanding of endpoint, identity, email, cloud, network, and log-based security.

Supervisory Responsibilities
This position has no supervisory responsibilities.

Physical Demands & Work Environment
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to sit. The employee is frequently required to walk and use hands to finger, handle, or feel. The employee is occasionally required to stand. The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. The noise level in the work environment is usually quiet.

Compensation:
$110,000-$120,000 per year

Benefits:
SBM offers comprehensive benefit packages. For information about SBM's benefits, please visit SBM's website at: www.sbmmanagement.com/careers

SBM Management Services, LP and its affiliates are proud to be equal opportunity workplaces. We are committed to equal employment opportunity regardless of race, sex, color, ancestry, religion, national origin, sexual orientation, citizenship, age, marital status, disability, gender identity, Veteran status, or other legally protected status.

At SBM, we deliver soft services facilities management through innovative technology, exceptional quality, and empowered associates on a global scale. Our approach is centered on providing scalable, predictable, and repeatable results across space types. With our experience in state-of-the-art facilities and continuously evolving processes, we ensure that our clients experience unmatched service excellence to support our clients' most ambitious missions.