
SNOC Engineer III
Posted 6 days ago

Posted 6 days ago
This is a fully remote position, open to applicants in Mexico.
• Lead the ongoing enhancement of SNOC security operations by pinpointing opportunities to improve monitoring, response workflows, automation, and overall operational efficiency.
• Act as the main escalation point for intricate security incidents, delivering advanced technical analysis and resolution support to the SNOC engineering team.
• Assist in the creation and upkeep of operational documentation, which includes security runbooks, incident response procedures, investigation guides, and knowledge base articles.
• Detect and evaluate potential security risks, vulnerabilities, and suspicious activities across network, system, endpoint, identity, and cloud environments, and recommend remediation measures.
• Contribute to enhancing security monitoring capabilities by refining detection logic, tuning alerts, and participating in SIEM analytics rules and automation workflows.
• Provide mentorship and technical support to junior SNOC engineers during investigations, troubleshooting, and incident response efforts.
• Aid in security compliance initiatives by ensuring that operational activities, incident investigations, and response actions are thoroughly documented for auditing and reporting purposes.
• Engage in the validation and testing of incident response protocols, disaster recovery plans, and operational readiness exercises.
• Serve as the technical lead for high-severity security incidents, managing investigation activities and directing containment, eradication, and recovery efforts.
• Conduct advanced threat analysis utilizing SIEM, EDR, identity protection, and network telemetry platforms to detect malicious or suspicious activities.
• Examine complex security alerts and correlated incidents across endpoint, identity, email, cloud, and network security platforms.
• Create and enhance detection capabilities, including SIEM analytics rules, threat hunting queries, alert enrichment logic, and automated response playbooks.
• Provide escalation support during significant incidents, assisting with root cause analysis, containment strategies, and post-incident documentation.
• Collaborate with engineering, infrastructure, and client teams to execute remediation actions and long-term risk mitigation strategies.
• Support the onboarding and integration of security telemetry from new platforms and security technologies into the monitoring environment.
• Ensure that security investigations, incidents, and operational actions are accurately recorded within ticketing and case management systems.
• A Bachelor’s degree in Cybersecurity, Information Technology, or a related field is preferred (or equivalent experience).
• Preferred professional certifications include:
• GIAC (GCIH, GCIA, GCFA)
• CompTIA CySA+ or CASP+
• Microsoft Certified: Azure Security Engineer Associate
• AWS Certified Security – Specialty
• Cisco CCNP or an equivalent qualification.
• Comprehensive knowledge of security operations, incident investigation, and threat detection methodologies.
• Familiarity with SIEM and security monitoring platforms, such as Microsoft Sentinel, Wazuh, SentinelOne, or similar technologies.
• Strong understanding of networking basics, endpoint security, identity protection, and cloud security environments (Azure, AWS, or similar).
• Experience with advanced log analysis, threat hunting, and alert triage across various telemetry sources.
• Capability to troubleshoot intricate security issues and provide leadership during high-severity operational events.
• Excellent written and verbal communication skills for both internal operational documentation and client-facing interactions.
• Experience in enhancing security monitoring through detection engineering, alert tuning, and security automation.
• Acquainted with security frameworks, compliance standards, and operational security best practices.
• Aguinaldo (25 days – exceeding legal requirements)
• Vacation + 25% premium
• IMSS + Major medical insurance (family included)
• Monthly savings fund + pantry vouchers
• Transportation assistance
• Quarterly performance bonus opportunities
• Paid life events leave (parental, marriage, bereavement)
The Cigna Group
RealPage, Inc.
Trace3
Get handpicked remote jobs straight to your inbox weekly.