Senior Security Engineer
RxBenefits, Inc. · $120K–$150K/yr
Insurance and Employee Benefit Funds · 1,001-5,000 employees
About the role
Lead the SIEM platform, security monitoring, and incident response functions end-to-end. This includes developing detection content, managing log architecture, and conducting proactive threat hunts across cloud and endpoint environments.
What they look for
Requirements
Requires a bachelor's degree, a cyber-specific certification, and at least seven years of IT experience with four years in security engineering or SOC roles. Expert-level hands-on experience with SIEM platforms and advanced scripting skills in Python, PowerShell, or Bash are mandatory.
Benefits
Full description
RxBenefits is seeking a highly experienced Senior Security Engineer to lead our SIEM platform, security monitoring, and incident response function. This role owns the health and effectiveness of the security operations program end to end: log source architecture, detection engineering, alert triage, threat hunting, and incident response. The Senior Security Engineer operates as the technical authority for detecting and responding to threats across cloud, endpoint, identity, and network environments, and works closely with infrastructure and application security teams to close the loop from detection to remediation. The ideal candidate combines deep SIEM engineering skill with hands-on incident response experience and can operate independently in a HIPAA-regulated environment working toward NIST, ISO, and SOC 2 requirements.
Essential Job Responsibilities Include:
- SIEM Engineering & Administration: Own the SIEM platform end to end, including log source onboarding, correlation rule development, detection tuning, dashboarding, and platform performance and cost management.
- Incident Response: Lead the full incident response lifecycle, including triage, containment, eradication, recovery, root cause analysis, and post-incident reporting.
- Threat Detection & Hunting: Build and maintain detection content mapped to MITRE ATT&CK; conduct proactive threat hunts across cloud infrastructure, endpoints, identity systems, and network traffic.
- Security Operations: Define and enforce SOC processes, including alert triage workflows, escalation paths, on-call procedures, and operational metrics such as mean time to detect and mean time to respond.
- Log Source Architecture: Manage ingestion pipelines from cloud audit logs (e.g., AWS CloudTrail), EDR, identity providers, network security platforms, and endpoint management tools into the SIEM.
- Threat Intelligence Integration: Operationalize threat intelligence feeds into detection rules, enrichment workflows, and hunting hypotheses.
- Automation & Scripting: Develop automation for detection engineering, alert enrichment, and response playbooks to reduce manual analyst workload and speed response time.
- Tabletop Exercises: Lead in and support tabletop exercises to assess and continuously improve incident response procedures, crisis management, and disaster recovery plans.
- Cross-Functional Investigations: Correlate findings across infrastructure, application security, and identity teams during investigations, and drive permanent remediation of identified risks.
- Reporting: Produce technical incident reports and SOC posture reporting that give leadership clear visibility into detection coverage, response performance, and outstanding risk.
- Standards & Documentation: Define and enforce detection engineering standards, runbooks, and playbooks used across the security team.
Required Skills / Experience:
- Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience required.
- Cyber-specific certification required (e.g., GCIH, GCFA, CISSP, or a relevant SIEM/vendor certification).
- Minimum of seven (7) years of IT experience, with at least four (4) years in a security engineering, SOC, or incident response role.
- Expert-level, hands-on experience with SIEM platforms (Sumo Logic strongly preferred), including log architecture, correlation rule development, and performance tuning.
- Working knowledge of incident response methodology (e.g., NIST 800-61) and fluency with the MITRE ATT&CK framework.
- Strong understanding of AWS security logging and detection services (CloudTrail, GuardDuty, Security Hub) and Windows/Linux log sources; Linux required.
- Hands-on experience investigating alerts and telemetry from EDR (e.g., CrowdStrike), network security platforms (e.g., Zscaler), and O365/identity log sources.
- Advanced scripting and automation experience with PowerShell, Python, or Bash required.
- Ability to work fully independently and lead multiple complex investigations and projects to completion.
- Excellent interpersonal and communication skills (verbal and written) across all levels of the organization.
- Strong analytical and problem-solving skills, with sound judgment under incident pressure.
- Ability to deliver on objectives.
Preferred Skills/Experience:
- Experience participating in tabletop exercises preferred.
- Healthcare industry experience preferred.
Based on relevant market data and other factors, the anticipated hiring range for this role is $120,000 to $150,000 annually. Final compensation rates will be determined based on various factors, including but not limited to experience, skills, knowledge, and internal equity considerations. This role is also short-term incentive eligible. Incentive amounts will vary by individual and business goals.
We are committed to fair and equitable compensation practices. The final salary offered to the selected candidate may vary from the posted range due to individual qualifications. Our goal is to ensure that all teammates are compensated fairly and competitively based on their contributions to our organization.
RxBenefits is also committed to providing best in class benefits to our teammates. We offer a robust total rewards package that includes:
- Remote first work environment
- Choice of a HDHP or PPO Medical plan, we pay 100% of the premium for the HDHP for you and your eligible family members
- Dental, Vision, Short- and Long-Term Disability, and Group Life Insurance that we also pay 100% of premiums (for your family too on Dental and Vision)
- Additional buy-up options for Short- and Long-Term Disability and Life Insurance
- 401(k) with an employer match up to 3.5% available after 60 days
- Community Service Day to give back and support what you love in your community
- 10 company holidays including MLK Day, Juneteenth, and the day after Thanksgiving plus a floating holiday to use as you like
- Reimbursements for high-speed internet, we’ll send you a computer and monitors to help you do your best work
- Tuition Reimbursement for accredited degree programs
- Paid New Parent Leave that can be used for adoption or birth
- Pet insurance to protect your furbabies
- A robust mental health benefit and EAP service through Spring Health to support you when you need it most