[Remote] Senior Security Engineer

Note: The job is a remote job and is open to candidates in USA. GXA is seeking a highly capable Security Engineer to support the delivery and operation of their gShield security services. This hands-on role focuses on incident response, security tool operations, remediation execution, client security support, and internal security improvement initiatives.

Responsibilities

• Serve as a Tier 3 escalation point for active security incidents, including business email compromise (BEC), adversary-in-the-middle (AiTM), ransomware, and account compromise
• Lead technical analysis during incident response and war room events, including log review, IOC hunting, and lateral movement tracing
• Execute containment and eradication actions such as endpoint isolation, session revocation, and credential resets
• Coordinate with SOC teams and vendor threat intelligence teams during active investigations and containment efforts
• Produce accurate incident timelines, technical findings, and evidence packages for vCISO review and client-facing follow-up
• Operate daily within the gShield toolstack, including platforms such as Huntress, Microsoft Defender for Endpoint (MDE), Cyrisma, DNSFilter, SIEM, and related security technologies
• Perform alert triage, risk identification, scan issue resolution, and follow-through on issues surfaced by security tools
• Support SIEM operations including query development, alert review, and rule tuning
• Assist in tuning detection logic, scan settings, and platform effectiveness in coordination with Centralized Services and security leadership
• Monitor for security gaps, suspicious activity, and control weaknesses across managed environments
• Execute technical remediation items identified through MRMMs, preventative actions, vulnerability reviews, and security recommendations
• Support gShield deliverables through technical validation, evidence gathering, scan review, and vulnerability analysis
• Act as a quality assurance resource for client onboarding into the gShield toolstack, while execution remains with onboarding and Centralized Services teams
• Assist with client hardening efforts and follow-through on security improvement actions across managed environments
• Support remediation of internal GXA security backlog items, including POA&M-related work
• Assist with rollout and support of phishing-resistant MFA, passkeys, and other internal security initiatives
• Contribute to security engineering efforts related to Intune, Defender, ThreatLocker, AppLocker, and RMM scripting
• Help improve internal security controls, tool effectiveness, and technical enforcement mechanisms
• Write and maintain security engineering SOPs, runbooks, detection playbooks, and response procedures related to gShield operations and incident response
• Document technical findings, repeatable procedures, and lessons learned from incidents and tool operations
• Collaborate with security leadership and technical stakeholders on process improvements, skill development, and automation opportunities
• Contribute technical depth to broader security documentation where needed, while recognizing that ownership of policy, standards, and governance documentation remains with security leadership and related functions

Skills

• 5–7+ years of experience in cybersecurity, security operations, security engineering, or incident response roles
• Strong hands-on experience with incident response, threat detection, and security operations workflows
• Experience working with security platforms such as Microsoft Defender, Huntress, DNSFilter, SIEM solutions, vulnerability management tools, and endpoint security technologies
• Ability to investigate security alerts, analyze logs, trace attacker activity, and support containment and remediation
• Familiarity with common attack types including phishing, BEC, account compromise, ransomware, and identity-based attacks
• Experience supporting security controls in Microsoft 365 and endpoint environments
• Strong documentation skills and ability to write clear technical procedures and findings
• Ability to work calmly and methodically during active incidents and escalations
• Strong collaboration and communication skills with both internal teams and leadership stakeholders
• Experience in an MSP, MSSP, or multi-client environment
• Familiarity with Intune, Microsoft Defender, AppLocker, ThreatLocker, and RMM-based scripting or automation
• Understanding of CIS benchmarks, security hardening standards, and configuration drift monitoring
• Experience supporting vulnerability remediation and technical aspects of vCISO or managed security programs
• Security certifications such as Security+, CySA+, SC-200, SC-300, AZ-500, GCIH, GCIA, or similar are a plus

Company Overview