
Security Operations Engineer

Air InfoSec, LLC
Posted 4 days ago, valid for 2 days
Location

Austin, TX 78714, US

Salary

$56 - $66 per hour

Contract type

Full Time

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

Sonic Summary

  • The Security Operations Engineer will support the Texas Cyber Command in statewide security operations monitoring, focusing on SIEM, IDS/IPS, and network monitoring platforms.
  • Candidates are required to have a minimum of 5 years of SOC operations experience, along with hands-on experience in IDS/IPS platforms and advanced packet capture analysis.
  • The role involves engineering and maintaining detection logic, collaborating closely with SOC analysts and Incident Responders to enhance threat validation.
  • Preferred qualifications include 6 years of operationalizing threat intelligence and proficiency in SOAR orchestration for SOC automation.
  • The position is based in San Antonio or Austin, Texas, with a salary range of $80,000 to $120,000, and requires U.S. citizenship and successful background checks.

The Security Operations Engineer will support the Texas Cyber Command on the statewide security operations monitoring initiative. This role focuses on engineering, tuning, and maintaining SIEM, IDS/IPS, and network monitoring platforms to support detection, investigation, and incident response activities. The role requires close collaboration with SOC analysts and Incident Responders to provide network-level evidence and threat validation. The position also involves operationalizing threat intelligence into detection logic and supporting orchestration workflows across multiple security platforms. This work directly supports statewide monitoring expansion and improved detection coverage.

Responsibilities:

  • Engineer, maintain, and tune SIEM platforms, including correlation rules, dashboards, enrichment logic, and detection content.
  • Configure, tune, and optimize IDS/IPS technologies, including signature development and false-positive reduction.
  • Perform packet capture analysis to validate alerts, identify malicious traffic, and support investigations.
  • Conduct network traffic analysis to detect anomalies, lateral movement, and command-and-control activity.
  • Operationalize threat intelligence feeds within SOC platforms, converting indicators into detection logic, correlation rules, and automated enrichment workflows.
  • Continuously tune detection content based on intelligence-driven insights to improve alert fidelity and reduce false positives.
  • Develop and maintain orchestration playbooks integrating SIEM, EDR, threat intelligence, and ticketing systems.
  • Support SOC operations through detection engineering, log onboarding, and data normalization.
  • Develop and maintain network security monitoring infrastructure, including sensors, collectors, and log pipelines.
  • Collaborate with Incident Responders to provide network-level evidence, context, and threat validation.
  • Produce engineering reports, tuning documentation, platform health assessments, and detection coverage maps.
  • Implement detection logic consistent with MITRE ATT&CK and emerging adversary behaviors.
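The threat-intelligence and tuning bullets above describe a pipeline rather than a product: indicators come in from feeds, get turned into detection logic, fire against normalized SIEM events, are enriched with source and ATT&CK context, and are tuned with allowlists so known-benign traffic stops paging analysts. The block below is an added example of that pipeline written for this page; it is not code from the job poster, Texas Cyber Command, or any vendor platform. The indicator feed, the log events, the ATT&CK technique mappings, the allowlist, and the Zeek/EDR-style field names (`src`, `dst`, `query`, `file_sha256`, `sensor`) are all constructed assumptions for illustration.

```python
"""Added example (not code from the job poster or Texas Cyber Command):
turning a threat-intelligence feed into detection logic with enrichment,
ATT&CK tagging and allowlist-based false-positive suppression. Feed, events,
technique mappings and the normalised field names are constructed assumptions."""
import ipaddress
from collections import Counter

# Constructed indicator feed; each indicator carries the ATT&CK technique
# the intel source attributes to it and a confidence score.
THREAT_INTEL = [
    {"type": "ipv4", "value": "203.0.113.45", "attack": "T1071.001",
     "confidence": 85, "source": "feed-a"},
    {"type": "domain", "value": "update-check.example.net", "attack": "T1568",
     "confidence": 65, "source": "feed-a"},
    {"type": "sha256",  # sha256 of the empty string, used as a stand-in hash
     "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "attack": "T1204.002", "confidence": 90, "source": "feed-b"},
    {"type": "cidr", "value": "198.51.100.0/24", "attack": "T1021.002",
     "confidence": 40, "source": "feed-c"},
]

# Tuning allowlist (constructed): an internal scanner range inside the feed's
# /24 that would otherwise fire on every scheduled scan.
ALLOWLIST = [ipaddress.ip_network("198.51.100.0/28")]

# Constructed, already-normalised events as a SIEM would hold them after
# parsing Zeek conn/dns logs and an EDR process event.
SAMPLE_EVENTS = [
    {"src": "10.0.0.5", "dst": "203.0.113.45", "dst_port": 443, "sensor": "zeek-conn"},
    {"src": "10.0.0.7", "query": "Update-Check.example.net.", "sensor": "zeek-dns"},
    {"host": "ws-12", "sensor": "edr",
     "file_sha256": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"},
    {"src": "10.0.0.9", "dst": "198.51.100.10", "dst_port": 445, "sensor": "zeek-conn"},   # scanner, allowlisted
    {"src": "10.0.0.9", "dst": "198.51.100.200", "dst_port": 445, "sensor": "zeek-conn"},  # CIDR hit
    {"src": "10.0.0.3", "dst": "192.0.2.8", "dst_port": 80, "sensor": "zeek-conn"},        # benign
]


def build_index(intel):
    """Exact-match table for atomic indicators plus a list of CIDR ranges.
    Domains are lower-cased and stripped of a trailing dot so DNS log
    variants still match."""
    exact, cidrs = {}, []
    for ioc in intel:
        if ioc["type"] == "cidr":
            cidrs.append((ipaddress.ip_network(ioc["value"]), ioc))
        else:
            exact[(ioc["type"], ioc["value"].lower().rstrip("."))] = ioc
    return exact, cidrs


def severity(confidence):
    return "high" if confidence >= 80 else "medium" if confidence >= 60 else "low"


def lookup_ip(ip, exact, cidrs):
    hit = exact.get(("ipv4", ip))
    if hit is None:
        addr = ipaddress.ip_address(ip)
        hit = next((ioc for net, ioc in cidrs if addr in net), None)
    return hit


def match_event(event, exact, cidrs, allowlist):
    """Return (alerts, suppressed_count) for one normalised event."""
    hits, suppressed = [], 0
    for fld in ("src", "dst"):
        ip = event.get(fld)
        ioc = lookup_ip(ip, exact, cidrs) if ip else None
        if ioc is None:
            continue
        if any(ipaddress.ip_address(ip) in net for net in allowlist):
            suppressed += 1  # tuned out, but counted for the false-positive report
        else:
            hits.append((fld, ioc))
    if "query" in event:
        ioc = exact.get(("domain", event["query"].lower().rstrip(".")))
        if ioc:
            hits.append(("query", ioc))
    if "file_sha256" in event:
        ioc = exact.get(("sha256", event["file_sha256"].lower()))
        if ioc:
            hits.append(("file_sha256", ioc))
    # Enrich each hit with the intel context an analyst needs to triage it.
    alerts = [{
        "rule": f"ti-{ioc['type']}-match", "matched_field": fld,
        "indicator": ioc["value"], "attack": ioc["attack"],
        "confidence": ioc["confidence"], "severity": severity(ioc["confidence"]),
        "source": ioc["source"], "sensor": event.get("sensor"),
    } for fld, ioc in hits]
    return alerts, suppressed


def run_detections(events, intel, allowlist):
    exact, cidrs = build_index(intel)
    alerts, suppressed = [], 0
    for ev in events:
        found, dropped = match_event(ev, exact, cidrs, allowlist)
        alerts.extend(found)
        suppressed += dropped
    return alerts, suppressed


def coverage_map(intel):
    """ATT&CK technique -> number of indicators providing detection content."""
    return dict(Counter(ioc["attack"] for ioc in intel))
```

Running `run_detections(SAMPLE_EVENTS, THREAT_INTEL, ALLOWLIST)` yields four enriched alerts (the C2 address, the DGA-style domain, the file hash, and the one SMB connection outside the allowlisted scanner range) and reports one suppressed match; `coverage_map` is the minimal form of the detection coverage map the responsibilities call for. In a real SIEM the same logic lives in correlation rules or a SOAR enrichment step, and the allowlist and confidence thresholds are what get revisited during tuning.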

Requirements

Minimum Qualifications:

  • 5 years of SOC operations experience.
  • 5 years of hands-on experience with IDS/IPS platforms, including signature tuning, false-positive reduction, and threat-driven detection improvements.
  • 5 years of advanced packet capture and network analysis experience to identify anomalies, malicious traffic, and lateral movement.
  • 5 years of experience maintaining and tuning EDR platforms and integrating EDR telemetry into SIEM and orchestration workflows.
  • 5 years of threat intelligence application expertise.
  • 5 years of experience developing detection logic aligned with adversary tactics, techniques, and procedures.

Preferred Qualifications:

  • 6 years of experience operationalizing threat intelligence by converting indicators and tactics, techniques, and procedures into SIEM rules, IPS signatures, and automated enrichment logic.
  • 5 years of experience performing packet-level analysis to validate alerts and identify malicious activity.
  • 5 years of experience serving as an escalation point for SOC analysts and incident responders with enriched network-level intelligence.
  • 5 years of proficiency with SOAR orchestration, including building automated workflows that integrate SIEM, IDS/IPS, EDR, threat intelligence, and ticketing systems for SOC automation.
  • 4 years of experience with security certifications such as CISSP, CEH, GISF, GSEC, CySA+, or Security+.

Additional Requirements:

  • Candidate must be a U.S. citizen.
  • Candidate must pass required background checks.
  • Work must be performed from within the United States.
  • Occasional after-hours support may be required with TXCC approval.

Work Location and Schedule:

Location: TXCC San Antonio office, 506 Dolorosa Street, San Antonio, TX 78204, or TXCC Austin office, 1001 North Loop, Austin, TX 78756.

Schedule: Monday through Friday, 8:00 AM to 5:00 PM, excluding State holidays.

Work Arrangement: Hybrid - On Site and Telework.
