Senior SOC Engineer (Security Operations Technical Lead) - Remote (USA)

<p style="text-align: justify; vertical-align: baseline;"><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong><em>About us: </em></strong>At Echelon Risk + Cyber, we believe in defending basic human rights to security and privacy. We seek a highly skilled and hands-on <strong>Security Operations Technical Lead</strong> to join our dynamic team at Echelon Risk + Cyber, a leading cybersecurity consulting firm. Our next team member will be ready to roll up their sleeves and identify opportunities for our clients and for Echelon internally with unquestioned integrity. This team member will be passionate about cybersecurity and ready to use their knowledge to be an Entrepreneurial Problem Solver and work alongside their Echelon team members to build creative solutions. </span></p> <p style="text-align: justify; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">As the <strong>Security Operations Technical Lead</strong>, you will build and mature our SOC capabilities within our MSSP practice. The ideal candidate brings <strong>7–10 years of MSSP experience</strong> (with at least <strong>5 years on a SOC team</strong>) and a strong security engineering background across <strong>EDR/MDR, SIEM, Microsoft 365 security, and email security</strong>. In this role, you'll guide day-to-day SOC operations, detection engineering, and incident response, while remaining <strong>primarily hands-on</strong>.</span></p> <p style="text-align: justify; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">At Echelon, you will have the opportunity to engage with clients, business partners, and systems that are at the cutting edge of technology. We allow our employees to build from the ground up and make an impact across the organization. We look for driven and proactive people who are eager to contribute to a distinct and thriving Cybersecurity services organization that can adapt to a rapid and changing environment.</span></p> <p style="text-align: justify; background: white; vertical-align: baseline;"><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong>This is a remote position from anywhere in the USA.</strong></span></p> <p><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong><em><span style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;">What You Will Do:</span></em></strong></span></p> <ul> <li style="color: #002060; tab-stops: list 36.0pt; background: white; vertical-align: baseline;"><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong>SOC leadership & maturity (no hiring duties):</strong></span></li> <ul> <li style="color: #002060; tab-stops: list 72.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Establish and refine SOC processes (tiering, shift coverage, escalation paths, QA, SLAs/OLAs).</span></li> <li style="color: #002060; tab-stops: list 72.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Drive runbook discipline, training plans, and continuous improvement for service quality.</span></li> <li style="color: #002060; tab-stops: list 72.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Own SOC KPIs (MTTD/MTTR, detection efficacy, false-positive rate, case aging, CSAT/NPS).</span></li> </ul> <li style="color: #002060; tab-stops: list 36.0pt; background: white; vertical-align: baseline;"><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong>Detection & response (hands-on):</strong></span></li> <ul> <li style="color: #002060; tab-stops: list 72.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Build and tune detections in SIEM/XDR; develop correlation rules, parsers, and dashboards.</span></li> <li style="color: #002060; tab-stops: list 72.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Lead investigations and major incidents end-to-end; conduct post-incident reviews and reporting.</span></li> <li style="color: #002060; tab-stops: list 72.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Perform proactive threat hunting aligned to MITRE ATT&CK and emerging TTPs.</span></li> </ul> <li style="color: #002060; tab-stops: list 36.0pt; background: white; vertical-align: baseline;"><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong>Tooling & platform engineering:</strong></span></li> <ul> <li style="color: #002060; tab-stops: list 72.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Deploy, integrate, and operate <strong>EDR/MDR</strong> (CrowdStrike, SentinelOne, <strong>Blackpoint</strong>), <strong>Microsoft 365/Windows Defender</strong>, SIEM, SOAR, email security, vulnerability scanners, and NSM tools.</span></li> <li style="color: #002060; tab-stops: list 72.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Engineer log onboarding/normalization across cloud (AWS, Azure, <strong>M365</strong>, GCP), network, endpoint, identity, and SaaS sources.</span></li> <li style="color: #002060; tab-stops: list 72.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Build automation/orchestration playbooks to reduce MTTD/MTTR and analyst toil.</span></li> </ul> <li style="color: #002060; tab-stops: list 36.0pt; background: white; vertical-align: baseline;"><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong>Service delivery & client engagement:</strong></span></li> <ul> <li style="color: #002060; tab-stops: list 72.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Serve as technical point of contact for customers; present posture reviews and improvement plans.</span></li> <li style="color: #002060; tab-stops: list 72.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Define and meet service SLAs; contribute to SOWs, service catalogs, and onboarding playbooks.</span></li> <li style="color: #002060; tab-stops: list 72.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Coordinate with customer IT/CISO teams, vendors, and legal/compliance during incidents.</span></li> </ul> </ul> <ul> <li style="color: #002060; tab-stops: list 36.0pt; background: white; vertical-align: baseline;"><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong>Risk, compliance & continuous improvement</strong></span></li> <ul> <li style="color: #002060; tab-stops: list 72.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Map detections, controls, and reporting to frameworks/standards (NIST CSF/800-53, CIS Controls, SOC 2, ISO 27001).</span></li> <li style="color: #002060; tab-stops: list 72.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Drive vulnerability and exposure management with risk-based prioritization.</span></li> <li style="color: #002060; tab-stops: list 72.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Run tabletop exercises, purple-team activities, and lessons learned.</span></li> </ul> </ul> <p><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong><em><span style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;">Your Knowledge, Skills, and Abilities: </span></em></strong></span></p> <ul> <li style="color: #002060; tab-stops: list 36.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Deep knowledge of SOC operations (triage, incident lifecycle, evidence handling, documentation).</span></li> <li style="color: #002060; tab-stops: list 36.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Strong grasp of Windows/*nix/AD/<strong>M365</strong>, identity security (SSO/MFA), network protocols, and cloud telemetry.</span></li> <li style="color: #002060; tab-stops: list 36.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Expertise in detection engineering and query languages (SPL, <strong>KQL</strong>, Elastic DSL, AQL).</span></li> <li style="color: #002060; tab-stops: list 36.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Familiarity with adversary emulation and frameworks (MITRE ATT&CK, D3FEND, CIS Controls).</span></li> <li style="color: #002060; tab-stops: list 36.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Understanding of email security (phishing, BEC), vulnerability scanning/patching, and network security monitoring (IDS/IPS, PCAP).</span></li> <li style="color: #002060; tab-stops: list 36.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Proficiency with SOAR concepts and playbook design (enrichment, containment, ticketing).</span></li> <li style="color: #002060; tab-stops: list 36.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Scripting/automation (PowerShell, Python, or equivalent) for enrichment, triage, and response.</span></li> <li style="color: #002060; tab-stops: list 36.0pt; background: white; vertical-align: baseline;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Clear written/verbal communication for executive briefings and technical reports.</span></li> <li><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;"><strong>Applicants must have authorization to work in the United States without current or future visa sponsorship.</strong></span></li> </ul> <p style="background: white; vertical-align: baseline;"><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong><em>Specific Qualifications:</em></strong></span></p> <ul> <li style="color: #002060; tab-stops: list 36.0pt;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #000080;">Experience: 7–10 years in MSSP settings; 5+ years on a SOC team; 2–4+ years in a lead/technical lead capacity.</span></li> <li style="color: #002060; tab-stops: list 36.0pt;"><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong><span style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;">Platforms (hands-on in several):</span></strong></span></li> <ul> <li style="color: #002060; tab-stops: list 72.0pt;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #000080;">EDR/XDR/MDR: CrowdStrike, SentinelOne, Blackpoint, Microsoft Defender for Endpoint, Cortex XDR, etc.</span></li> <li style="color: #002060; tab-stops: list 72.0pt;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #000080;">Microsoft ecosystem: Microsoft 365, Windows Defender / Defender for Endpoint, Defender for Office 365, Azure security telemetry (KQL, Log Analytics, Sentinel).</span></li> <li style="color: #002060; tab-stops: list 72.0pt;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #000080;">SIEM: Splunk, Microsoft Sentinel, Elastic, QRadar, Exabeam, or similar.</span></li> <li style="color: #002060; tab-stops: list 72.0pt;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #000080;">SOAR: Splunk SOAR, Cortex XSOAR, Sentinel automation.</span></li> <li style="color: #002060; tab-stops: list 72.0pt;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #000080;">Email security & awareness: Mimecast, KnowBe4, Material Security, M365 Defender for Office 365.</span></li> <li style="color: #002060; tab-stops: list 72.0pt;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #000080;">Vulnerability management: Tenable, Qualys, or Rapid7.</span></li> <li style="color: #002060; tab-stops: list 72.0pt;"><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #000080;">NSM/IDS: Zeek, Suricata, commercial IDS/IPS.</span></li> </ul> <li style="color: #002060; tab-stops: list 36.0pt;"><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong><span style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;">IR leadership:</span></strong><span style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;"> Proven track record leading medium/major incidents (ransomware, BEC, insider, cloud credential abuse).</span></span></li> <li style="color: #002060; tab-stops: list 36.0pt;"><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong><span style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;">Cloud:</span></strong><span style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;"> Experience securing and monitoring AWS/Azure/GCP and M365 (identity and endpoint telemetry).</span></span></li> <li style="color: #002060; tab-stops: list 36.0pt;"><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong><span style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;">Process:</span></strong><span style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;"> Built or matured playbooks, runbooks, use-case catalogs, and service reporting. </span><span style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;">Demonstrated KPI/OKR management.</span></span></li> <li style="color: #002060; tab-stops: list 36.0pt;"><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong><span style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;">Certifications (nice to have):</span></strong><span style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;"> CISSP, GIAC (GCIA/GCIH/GCFA/GCDA/GMON), OSCP, Azure/Microsoft security (SC-200/SC-100), Splunk, CrowdStrike CCFR/CCFA, or similar.</span></span></li> <li style="color: #002060; tab-stops: list 36.0pt;"><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong><span style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;">Availability: </span></strong><span style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;">Able to participate in escalation/on-call rotation and support off-hours incidents as needed.</span></span></li> <li style="color: #002060; tab-stops: list 36.0pt;"><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong><span style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;">Education:</span></strong><span style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;"> BS in CS/Cybersecurity or equivalent experience (experience > degree where applicable)</span></span></li> </ul> <p><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong><em><span style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;">Why Echelon? </span></em></strong></span></p> <p><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">We are committed to creating an inclusive environment for our team with unquestioned integrity. If you have a special need that requires accommodation, please let your recruiter know. One of our core values is "People with Personality," and we want to allow you the space to bring your full self to work. </span></p> <p><span style="font-family: verdana, geneva, sans-serif; font-size: 10pt; color: #000080;"><strong><em><span style="background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;">We Currently Offer The Following Benefits: </span></em></strong></span></p> <ul> <li><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Access to medical, dental, and vision insurance through Cigna, with the majority of the employee cost covered by the employer. </span></li> <li><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Employer funding to HSA accounts and FSA access.</span></li> <li><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Access to a 401(k) through Vanguard with a guaranteed employer contribution </span></li> <li><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Flexible vacation policy that allows you to manage your schedule and rest and recharge when you need to </span></li> <li><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">11 holidays with flexibility based on what is important for you and those you love. </span></li> <li><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Family-friendly benefits, including weeks off for Maternity leave, weeks off for non-birthing parent leave, employer-paid short-term and long-term disability, employer-paid life insurance, and access to additional life insurance, hospital coverage, accidental coverage, discounted mental health support, and more </span></li> <li><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">Support for individual development through certifications, continued learning, conferences, and more </span></li> </ul> <p><span style="font-size: 10pt; font-family: verdana, geneva, sans-serif; color: #000080;">We value a diverse workforce and a culture of inclusivity and belonging. All employment decisions shall be made without regard to age, race, creed, color, religion, gender, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status, or any other basis as protected by federal, state, or local law. Echelon Risk + Cyber is an Equal Opportunity Employer. </span></p>

Back to blog

Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question poses: When do you focus and start working seriously? What are the hours you work optimally? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities has been to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...