GXA is seeking a highly capable Security Engineer to support the delivery and operation of its gShield security services. This hands-on role focuses on incident response, security tool operations, remediation execution, client security support, and internal security improvement initiatives.
Responsibilities:
- Serve as a Tier 3 escalation point for active security incidents, including business email compromise (BEC), adversary-in-the-middle (AiTM), ransomware, and account compromise
- Lead technical analysis during incident response and war room events, including log review, IOC hunting, and lateral movement tracing
- Execute containment and eradication actions such as endpoint isolation, session revocation, and credential resets
- Coordinate with SOC teams and vendor threat intelligence teams during active investigations and containment efforts
- Produce accurate incident timelines, technical findings, and evidence packages for vCISO review and client-facing follow-up
- Operate daily within the gShield toolstack, including platforms such as Huntress, Microsoft Defender for Endpoint (MDE), Cyrisma, DNSFilter, SIEM, and related security technologies
- Perform alert triage, risk identification, scan issue resolution, and follow-through on issues surfaced by security tools
- Support SIEM operations including query development, alert review, and rule tuning
- Assist in tuning detection logic, scan settings, and platform effectiveness in coordination with Centralized Services and security leadership
- Monitor for security gaps, suspicious activity, and control weaknesses across managed environments
- Execute technical remediation items identified through MRMMs, preventative actions, vulnerability reviews, and security recommendations
- Support gShield deliverables through technical validation, evidence gathering, scan review, and vulnerability analysis
- Act as a quality assurance resource for client onboarding into the gShield toolstack, while execution remains with onboarding and Centralized Services teams
- Assist with client hardening efforts and follow-through on security improvement actions across managed environments
- Support remediation of internal GXA security backlog items, including POA&M-related work
- Assist with rollout and support of phishing-resistant MFA, passkeys, and other internal security initiatives
- Contribute to security engineering efforts related to Intune, Defender, ThreatLocker, AppLocker, and RMM scripting
- Help improve internal security controls, tool effectiveness, and technical enforcement mechanisms
- Write and maintain security engineering SOPs, runbooks, detection playbooks, and response procedures related to gShield operations and incident response
- Document technical findings, repeatable procedures, and lessons learned from incidents and tool operations
- Collaborate with security leadership and technical stakeholders on process improvements, skill development, and automation opportunities
- Contribute technical depth to broader security documentation where needed, while recognizing that ownership of policy, standards, and governance documentation remains with security leadership and related functions
Requirements:
- 5–7+ years of experience in cybersecurity, security operations, security engineering, or incident response roles
- Strong hands-on experience with incident response, threat detection, and security operations workflows
- Experience working with security platforms such as Microsoft Defender, Huntress, DNSFilter, SIEM solutions, vulnerability management tools, and endpoint security technologies
- Ability to investigate security alerts, analyze logs, trace attacker activity, and support containment and remediation
- Familiarity with common attack types including phishing, BEC, account compromise, ransomware, and identity-based attacks
- Experience supporting security controls in Microsoft 365 and endpoint environments
- Strong documentation skills and ability to write clear technical procedures and findings
- Ability to work calmly and methodically during active incidents and escalations
- Strong collaboration and communication skills with both internal teams and leadership stakeholders
- Experience in an MSP, MSSP, or multi-client environment
- Familiarity with Intune, Microsoft Defender, AppLocker, ThreatLocker, and RMM-based scripting or automation
- Understanding of CIS benchmarks, security hardening standards, and configuration drift monitoring
- Experience supporting vulnerability remediation and technical aspects of vCISO or managed security programs
- Security certifications such as Security+, CySA+, SC-200, SC-300, AZ-500, GCIH, GCIA, or similar are a plus