Senior Security Operations Engineer

Job Title: Senior Security Operations Engineer

Location: Washington, DC

Note: This is an onsite position Place at NIHeadquarters located at 550 12th Street SW, Washington, DC 20024

• The Senior Security Operations Engineer is responsible for architecting, implementing, configuring, administering, tuning, and operationally managing enterprise cybersecurity technologies within complex production environments.
• This role requires extensive hands-on technical experience supporting cyber operations and maintaining operational security platforms across on-premises, hybrid, and cloud infrastructures.

Key Responsibilities

Architect, deploy, configure, administer, and maintain enterprise security operations tools and technologies in production environments.

Manage and optimize Security Information and Event Management (SIEM) platforms including log ingestion, correlation rules, alert tuning, dashboard development, use-case creation, and operational monitoring.

Deploy, administer, and maintain Endpoint Detection and Response (EDR) solutions to support endpoint visibility, threat detection, containment, and remediation activities.

Configure and manage Intrusion Detection and Prevention Systems (IDS/IPS), network security monitoring tools, and threat detection technologies to identify and respond to malicious activity.

Administer vulnerability management platforms, conduct authenticated and unauthenticated vulnerability scans, validate remediation activities, and support enterprise vulnerability reduction initiatives.

Manage enterprise log management and security monitoring platforms, ensuring collection, normalization, retention, and analysis of security-relevant telemetry across servers, endpoints, applications, cloud platforms, and network devices.

Implement and support cloud security technologies across AWS, Azure, and/or Google Cloud environments, including cloud-native monitoring, workload protection, identity security, and compliance monitoring capabilities.

Perform hands-on system integration, tool deployment, platform upgrades, patching, troubleshooting, and operational maintenance activities for security technologies.

Develop detection engineering content including SIEM correlation rules, EDR detections, IOC-based alerts, behavioral analytics, and automated response workflows.

Support cyber operations activities including continuous monitoring, threat hunting, incident detection, containment, eradication, and recovery efforts.

Collaborate with infrastructure, network, cloud, and application teams to integrate security controls and improve enterprise security posture.

Create technical documentation, standard operating procedures, architecture diagrams, implementation guides, and operational runbooks.

Required Technical Experience

Demonstrated hands-on experience implementing and operating enterprise cybersecurity tools in production environments.

Strong operational experience with technologies such as:

• SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar, ArcSight)
• EDR platforms (e.g., CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne)
• IDS/IPS technologies (e.g., Snort, Suricata, Palo Alto, Cisco Firepower)
• Vulnerability management tools (e.g., Tenable Nessus, Qualys, Rapid7)
• Log management and monitoring solutions
• SOAR and security automation platforms
• Cloud security platforms and native cloud security tooling

About Us: