Associate Security Engineer Jobs in California (NOW HIRING)

Andersen's information security function is expanding, and this role sits at the operational core of that effort. The Senior Associate, Security Operations serves as the firm's internal hub for day-to-day security operations, owning the relationship with our managed detection and response provider, triaging and coordinating incident response, managing security vendor relationships, and executing client security due diligence. This role requires a candidate who is equally comfortable analyzing a threat escalation and drafting a vendor risk assessment.

The Senior Associate reports to the Head of Security Engineering & Architecture, with dotted-line accountability to the Senior Manager, Governance, Risk & Compliance for client diligence and vendor risk.

After-hours availability is a firm requirement of this role; high-severity incidents do not observe business hours.

The Senior Associate, Security Operations can expect to:

• Serve as the firm's internal incident response coordinator, working alongside the managed detection and response provider during active security events
• Execute, test, and continuously improve IR playbooks through regular tabletop exercises, lessons learned, and evolving threat intelligence
• Coordinate internal stakeholder communication during incidents, escalating at appropriate severity thresholds
• Produce post-incident reports that are clear, factual, and actionable for both technical and executive audiences

• Serve as the primary day-to-day liaison to the firm's MDR provider; review threat reports, detection summaries, and alert trends, and hold the provider accountable to SLAs
• Triage MDR escalations – assess severity, validate findings, and initiate the appropriate internal response workflow
• Coordinate detection rule tuning and alert threshold adjustments to reduce false positives and improve signal quality
• Maintain a working knowledge of the MDR's detection logic and coverage gaps, flagging concerns proactively to the Head of Security Engineering & Architecture

• Execute responses to client security questionnaires and due diligence requests accurately and on time, drawing on the response library maintained by the Senior Manager, GRC
• Ensure questionnaire responses reflect the firm's current control posture and active certifications, escalating discrepancies or coverage gaps immediately
• Manage the intake and tracking of diligence requests, flagging new or unusual questions to the Senior Manager, GRC to drive updates to the approved response framework

• Support the Head of Security Engineering & Architecture in day-to-day security operations, including vulnerability management tracking and remediation follow-up
• Manage operational relationships with security technology and service vendors, tracking contract terms, renewal dates, and SLA performance
• Partner with the Senior Manager, GRC on vendor risk assessments, ensuring reviews are completed on schedule and findings are tracked to remediation
• Maintain operational documentation including runbooks, contact trees, and escalation procedures
• Contribute to security awareness initiatives and serve as a resource for internal teams with security-related questions
• Identify and assess security risks introduced by AI-assisted attacks, including AI-augmented phishing, deepfake-based social engineering, and adversarial use of AI agents; incorporate AI threat scenarios into tabletop exercises and ongoing IR playbook updates
• Monitor for security exposure from internal use of unsanctioned AI tools and citizen developer platforms, coordinating with the Senior Manager, GRC to ensure shadow AI risks are tracked and escalated appropriately

The Requirements

• 5+ years of experience in security operations, incident response, or a closely related discipline
• Bachelor's degree in Information Security, Computer Science, or a related field
• Demonstrated experience triaging and coordinating incident response, including hands-on involvement during active security events
• Ability to execute, test, and improve IR playbooks, evaluating their effectiveness and driving meaningful enhancements, not just following them
• Working familiarity with managed detection and response services, including how to interpret their outputs and manage them as an operational partner
• Experience managing vendor relationships in a security context, including SLA oversight and contract coordination
• Experience with client security due diligence, including responding to security questionnaires and third-party assessments
• Technical fluency across core security domains: endpoint security, network fundamentals, log analysis, and threat detection
• Proficiency with enterprise security tooling including SIEM, EDR, and ticketing platforms
• Working knowledge of AI-enabled threat vectors, including AI-augmented social engineering, adversarial AI agent activity, and the security risks introduced by citizen developer platforms and unsanctioned AI tool adoption within the enterprise
• Strong written communication skills; able to produce clear incident reports and professional client-facing responses under time pressure
• Availability and willingness to respond to high-severity incidents outside of business hours

Preferred

• Relevant certification in incident handling or security analysis (e.g., GCIH, GSEC, GSOC)
• Background in professional services or consulting, where security posture directly impacts client relationships
• Familiarity with SOC 2 or ISO 27001 control environments and how security operations intersect with compliance requirements
• Exposure to threat intelligence platforms or processes
• Familiarity with AI security risk frameworks such as NIST AI RMF or MITRE ATLAS, and practical exposure to assessing risks from AI agent deployments and employee use of generative AI tools

Compensation and Benefits

Our firm offers competitive base compensation, benefits package, and a discretionary employee bonus program for eligible employees based on individual and firm performance metrics per the defined program guidelines. For individuals hired to work in the United States, the expected salary range for this role is $115,000-$130,000; the actual salary offer can vary based upon employee qualifications.

Benefits: Employees (and their families) are covered by medical, dental, vision, and basic life insurance. Employees are able to enroll in our firm's 401(k) plan upon hire. We offer paid time off, beginning at 160 hours annually and provides twelve paid holidays throughout the calendar year. For a full listing of benefit offerings, please visit https://www.andersen.com/careers/faqs.

Compensation: In addition to competitive base compensation, our firm offers annual discretionary bonuses based on firm and individual performance, a discretionary long-term cash incentive program, and other forms of discretionary compensation that would be offered to the hired applicant in addition to their established salary range scale.

Applicants must be currently authorized to work in the United States on a full-time basis upon hire. Andersen will not consider candidates for this position who require sponsorship for employment visa status now or in the future (e.g., H-1B status).

Equal Opportunity

Andersen Tax is an equal opportunity employer committed to fostering an inclusive workplace. We evaluate all applicants and employees without regard to race, color, religion, national origin, ancestry, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, gender identity or expression, age, disability, genetic information, marital status, military or veteran status, or any other characteristic protected under applicable federal, state, or local law. All qualified applicants, including those with criminal histories, will be considered in a manner consistent with applicable law. We provide reasonable accommodations to qualified individuals with disabilities and to individuals with sincerely held religious beliefs, practices, or observances as required by law.