
Senior Security Engineer
Posted 13 hours ago

This is a fully remote position, open to applicants in Pakistan.
• Act as a Tier 3 escalation point for ongoing security incidents, including business email compromise (BEC), adversary-in-the-middle (AiTM), ransomware, and account compromise.
• Lead technical analysis during incident response and war room activities, encompassing log reviews, IOC hunting, and lateral movement tracking.
• Implement containment and eradication measures such as endpoint isolation, session revocation, and credential resets.
• Collaborate with SOC teams and vendor threat intelligence teams during active investigations and containment operations.
• Create precise incident timelines, technical findings, and evidence packages for vCISO assessment and client follow-up.
• Utilize the gShield toolstack on a daily basis, including platforms like Huntress, Microsoft Defender for Endpoint (MDE), Cyrisma, DNSFilter, SIEM, and associated security technologies.
• Conduct alert triage, risk identification, resolution of scan issues, and ensure follow-through on issues raised by security tools.
• Assist with SIEM operations, including query development, alert reviews, and rule tuning.
• Aid in refining detection logic, scan settings, and platform efficiency in coordination with Centralized Services and security leadership.
• Monitor for security vulnerabilities, suspicious activities, and control deficiencies across managed environments.
• Implement technical remediation actions identified through MRMMs, preventive measures, vulnerability assessments, and security recommendations.
• Support gShield deliverables through technical validation, evidence collection, scan assessments, and vulnerability evaluations.
• Serve as a quality assurance resource for client onboarding into the gShield toolstack, while execution remains with onboarding and Centralized Services teams.
• Assist with client hardening initiatives and ensure follow-through on security enhancement actions across managed environments.
• Aid in the resolution of internal GXA security backlog items, including work related to POA&M.
• Support the deployment and maintenance of phishing-resistant MFA, passkeys, and other internal security projects.
• Contribute to security engineering initiatives related to Intune, Defender, ThreatLocker, AppLocker, and RMM scripting.
• Help enhance internal security controls, tool effectiveness, and technical enforcement measures.
• Author and maintain security engineering SOPs, runbooks, detection playbooks, and response procedures pertinent to gShield operations and incident response.
• Document technical findings, repeatable procedures, and insights gained from incidents and tool operations.
• Collaborate with security leadership and technical stakeholders on process enhancements, skill development, and automation opportunities.
• Provide technical depth to broader security documentation as needed, while acknowledging that ownership of policy, standards, and governance documentation lies with security leadership and related functions.
• 5–7+ years of experience in cybersecurity, security operations, security engineering, or incident response roles.
• Strong hands-on expertise in incident response, threat detection, and security operations workflows.
• Experience with security platforms such as Microsoft Defender, Huntress, DNSFilter, SIEM solutions, vulnerability management tools, and endpoint security technologies.
• Capability to investigate security alerts, analyze logs, trace attacker activities, and support containment and remediation efforts.
• Familiarity with common attack vectors including phishing, BEC, account compromise, ransomware, and identity-based threats.
• Background in supporting security controls within Microsoft 365 and endpoint environments.
• Excellent documentation skills with the ability to produce clear technical procedures and findings.
• Ability to remain calm and methodical during active incidents and escalations.
• Strong collaboration and communication skills with both internal teams and leadership stakeholders.
• Experience in an MSP, MSSP, or multi-client setting.
• Familiarity with Intune, Microsoft Defender, AppLocker, ThreatLocker, and RMM-based scripting or automation.
• Understanding of CIS benchmarks, security hardening standards, and configuration drift monitoring.
• Experience in supporting vulnerability remediation and technical components of vCISO or managed security programs.
• Security certifications such as Security+, CySA+, SC-200, SC-300, AZ-500, GCIH, GCIA, or similar are advantageous.
• Comprehensive health benefits package.
• Opportunities for professional development and continuous learning.
• Flexible work hours and remote work options.
• Collaborative and inclusive work environment.