Senior IT Security Operations Engineer

Enroll Here is on a mission to make healthcare enrollment simple, transparent, and accessible for everyone. We partner with organizations nationwide to deliver streamlined technology and exceptional customer experiences, ensuring members can access the coverage they need with confidence. Our fully remote team thrives on collaboration, innovation, and a shared commitment to improving the enrollment journey for all.

The Senior IT Security Operations Engineer is responsible for strengthening and managing Enroll Here’s security operations function—detecting, investigating, and responding to security incidents, optimizing monitoring and defense mechanisms, and leading proactive threat detection and response initiatives.

This role will serve as a senior individual contributor and trusted technical leader, helping drive the maturity of the Security Operations Center (SOC), automation, metrics, playbooks, and cross-functional collaboration to ensure the confidentiality, integrity, and availability of Enroll Here’s systems and data.

Responsibilities

Operational Security & Incident Response

• Monitor, detect, analyze, and respond to security events and incidents using SIEM, EDR, IDS/IPS, and network analytics tools.
  
  
• Lead or participate in incident response, root cause analysis, post-incident reviews, and remediation planning.
  
  
• Triage alerts, assess severity, contain threats, and coordinate with IT, networking, and application teams to drive resolution.
  
  
• Continuously improve detection capabilities and tune alerts to enhance accuracy and reduce false positives.
  
  

Threat Hunting & Proactive Defense

• Conduct proactive threat hunting across endpoints, networks, logs, cloud, and identity environments.
  
  
• Integrate threat intelligence feeds into detection logic and analytics.
  
  
• Develop and maintain custom detection rules, scripts, and playbooks to strengthen defenses.
  
  

Logging, Monitoring, & Automation

• Design, maintain, and optimize logging and monitoring architecture, ensuring scalability and performance.
  
  
• Manage security tooling such as SIEM, EDR, UEBA, SOAR, and threat intelligence platforms.
  
  
• Automate detection and response workflows using scripts, APIs, or orchestration tools.
  
  

Processes, Playbooks, & Documentation

• Create and enhance incident response playbooks, standard operating procedures, and runbooks.
  
  
• Establish key metrics, dashboards, and KPIs to measure SOC performance and maturity.
  
  
• Conduct regular tabletop exercises and maintain documentation for audit readiness.
  
  

Governance, Risk & Compliance

• Partner with GRC teams to align security operations with regulatory and contractual obligations (HIPAA, PCI, NIST, etc.).
  
  
• Provide evidence and reporting for audits and risk assessments.
  
  
• Support prioritization of security initiatives through operational risk insights.
  
  

Collaboration & Leadership

• Mentor junior team members and guide investigations within the SOC.
  
  
• Act as a liaison with IT, cloud, and engineering teams to integrate security controls throughout the tech stack.
  
  
• Engage vendors and MSSPs to evaluate tools, share threat intelligence, and improve operational efficiency.
  
  

Present to leadership on security posture, incidents, and ongoing improvements.

Required:

• Bachelor’s degree in Computer Science, Information Security, IT, or related field.
  
  
• 5–8+ years of experience in cybersecurity, including Security Operations, Incident Response, or SOC roles.
  
  
• Hands-on experience with tools such as SIEM, EDR, IDS/IPS, and network monitoring.
  
  
• Skilled in incident handling, investigation, and root cause analysis.
  
  
• Strong scripting/automation skills (Python, PowerShell, Bash).
  
  
• Deep understanding of logs, protocols, network fundamentals, and data analysis.
  
  
• Familiarity with cloud security (AWS, Azure, GCP).
  
  
• Strong analytical, investigative, and communication skills.
  
  
• Experience working in or supporting 24x7 SOC operations.
  
  

Preferred:

• Certifications: CISSP, CISM, GCIH, GCIA, or related.
  
  
• Experience with SOAR platforms and automated playbooks.
  
  
• Exposure to threat intelligence, malware analysis, or reverse engineering.
  
  
• Knowledge of DevSecOps practices and CI/CD integration.
  
  
• Familiarity with regulatory frameworks (HIPAA, ISO, NIST, PCI).
  
  

Experience mentoring or leading SOC team initiatives.