Security Operations Engineer

Security Operations Engineer **Req number:** R6553 **Employment type:** Full time **Worksite flexibility:** Remote **Who we are** CAI is a global technology services firm with over 8,500 associates worldwide and a yearly revenue of $1 billion+. We have over 40 years of excellence in uniting talent and technology to power the possible for our clients, colleagues, and communities. As a privately held company, we have the freedom and focus to do what is right-whatever it takes. Our tailor-made solutions create lasting results across the public and commercial sectors, and we are trailblazers in bringing neurodiversity to the enterprise. **Job Summary** As a Security Operations Engineer, you will provide firewall configuration, incident response and troubleshooting on mail flow for our clients. **Job Description** We are seeking a skilled **Security Operations Engineer** with expertise in firewall configuration, incident response processes, and troubleshooting mail flow issues. The ideal candidate will have a strong technical background, excellent problem-solving skills, and the ability to work both independently and collaboratively to ensure the security and functionality of IT systems. This position is focused on delivering measurable outcomes tied to operational performance, incident handling, and incremental improvements. This is a **remote, salaried full time** opportunity. **Due to the specific legal and contractual requirements associated with this position, only U.S. citizens will be considered for this role.** **What You'll Do** **Firewall Configuration:** + Analyze and digest configurations from one firewall brand and apply equivalent configurations to another brand, ensuring seamless functionality and security + Implement, manage, and troubleshoot firewall rules to support business needs while maintaining security standards **Incident Response:** + Monitor and respond to alerts for risky user activity, performing the full incident response (IR) lifecycle + Conduct log analysis to identify suspicious or malicious activity + Lead containment and remediation actions with a focus on minimizing impact and resolving issues efficiently + Document chain of custody during forensic investigations and provide technical reports post-incident + Collaborate with IT and security teams to improve detection and response capabilities **Mail Flow Troubleshooting:** + Diagnose and resolve mail flow issues in Microsoft 365 and third-party email filtering systems + Review logs and configurations to identify and address disruptions in email delivery + Implement changes and updates to ensure optimal email performance and security **Operational Improvements:** + Perform regular security tuning and hygiene tasks to optimize SIEM, EDR, and identity detection systems, reducing false positives + Deliver measurable improvements in endpoint coverage, IAM hygiene compliance, and vulnerability closure rates + Maintain and update SOPs/playbooks, ensuring accurate documentation and knowledge transfer to Tier 1/2 staff **Collaboration and Training:** + Conduct knowledge transfer sessions and provide training to junior staff as needed + Participate in quarterly tabletop exercises to enhance readiness, document findings, and identify opportunities for improvement + Updated SOPs and knowledge transfer materials **Deliverables:** + Firewall configuration transfer and validation reports; incident response documentation, including investigation findings and remediation steps; monthly security tuning and improvement reports; mail flow troubleshooting logs and resolution summaries **What You'll Need** Required: + Minimum of 5 years of experience in firewall configuration, management, and troubleshooting across multiple brands + Strong understanding of incident response processes, including log analysis, containment, and remediation + Hands-on experience with Microsoft 365 and third-party email filtering systems for mail flow troubleshooting + Proficiency in SIEM and EDR systems, with demonstrated ability to reduce false positives and improve detection accuracy + Familiarity with IAM role compliance and vulnerability remediation + Solid understanding of network security principles and best practices + Excellent problem-solving skills and the ability to work under pressure + Strong communication skills, both written and verbal, with the ability to document processes and findings effectively **Preferred Qualifications:** + Relevant certifications such as CISSP, CEH, or equivalent + Experience with cloud networking solutions and advanced forensic analysis tools + Working knowledge of Adobe Acrobat and Excel for documentation and reporting purposes **Physical Demands** + Ability to safely and successfully perform the essential job functions consistent with the ADA and other federal, state, and local standards + Sedentary work that involves sitting or remaining stationary most of the time with occasional need to move around the office to attend meetings, etc. + Ability to conduct repetitive tasks on a computer, utilizing a mouse, keyboard, and monitor + Limited travel may be required \#LI-JH1 **Reasonable accommodation statement** If you require a reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employment selection process, please direct your inquiries to [email protected] or (888) 824 - 8111. The pay range for this position is listed above. Exact compensation may vary based on several factors, including location, experience, and education. Benefit packages include medical, dental, and vision insurance, as well as 401k retirement account access. Employees in this role receive paid time off and may also be entitled to paid sick leave and/or other paid time off as provided by applicable law.