Cortex Xdr Jobs (NOW HIRING)

Laptop AV/endpoint security Management for Mcafee, Cortex XDR. User Data Management (OneDrive, Office 365) Refresh of old asset from windows 7 to windows 10. MTR Video conference support for meeting ...

Prisma (Access and Cloud), Cortex XDR, and XSIAM. * Implementation-level experience with Microsoft Purview for DLP, including policy authoring, classification, labeling, tuning, and incident handling.

Administer Cortex XDR policies, configurations, and alerts for endpoint security * Administer Mimecast email security gateway policies * Support email authentication standards including SPF, DKIM ...

Security Engineer

Chicago, IL · On-site

$87K - $133K/yr

Prisma (Access and Cloud), Cortex XDR, and XSIAM. * Implementation-level experience with Microsoft Purview for DLP, including policy authoring, classification, labeling, tuning, and incident handling.

Implement, manage, and monitor endpoint security solutions in cloud environments, including tools such as Cortex XDR and SentinelOne * Configure, manage, and troubleshoot cloud-based firewall ...

Senior System Engineer

Manassas, VA · Hybrid

$97K - $134K/yr

CORTEX XDR * NetScout * NetApp Storage Administration * Keyfactor * LDAP * PKI / TLS * Nessus / Security Center * FISMA * SharePoint * Technical Writing Please note this position may require access ...

Cortex Xdr information

Salary figures shown: $73.5K, $122K, $164K

How much do cortex xdr jobs pay per year?

As of Jun 5, 2026, the average yearly pay for cortex xdr in the United States is $122,008.00, according to ZipRecruiter salary data. Most workers in this role earn between $103,000.00 and $141,000.00 per year, depending on experience, location, and employer.

What is a Cortex XDR job?

A Cortex XDR job typically involves working with Palo Alto Networks' Cortex XDR platform to detect, investigate, and respond to cybersecurity threats. Professionals in this role analyze security events, manage endpoint protection, and configure security policies to prevent breaches. They may also work with automation tools, threat intelligence, and forensic analysis to enhance an organization's security posture. Strong knowledge of SIEM, EDR, and incident response methodologies is often required.

What are the key skills and qualifications needed to thrive in the Cortex Xdr position, and why are they important?

To excel as a Cortex XDR Specialist, you need a deep understanding of cybersecurity principles, threat detection, and incident response, often backed by a degree in information security or computer science. Familiarity with Palo Alto Networks Cortex XDR platform, SIEM tools, and certifications such as CISSP or PCNSE are highly valued. Strong analytical thinking, attention to detail, and effective communication skills are essential for interpreting data and collaborating with IT teams. These competencies ensure prompt identification and remediation of security threats, maintaining the organization's cyber resilience.

What does a typical workday look like for someone in a Cortex XDR Specialist role?

A typical day for a Cortex XDR Specialist involves proactively monitoring security alerts, investigating suspicious activities, and responding to potential incidents using the Cortex XDR platform. Collaboration is frequent, as you’ll work closely with incident response teams, IT staff, and sometimes end users to gather insights and implement mitigation strategies. You may also spend time tuning security policies, preparing threat reports, or participating in tabletop exercises to ensure ongoing readiness. The role is dynamic and requires a balance of technical investigation and clear communication to help protect the organization’s digital assets.

Infographic showing various Cortex Xdr job openings in the United States as of May 2026, with employment types broken down into 1% As Needed, 95% Full Time, 1% Part Time, and 3% Contract. It highlights a 64% Physical, 18% Hybrid, and 18% Remote job distribution, with an average salary of $122,008 per year, or $58.7 per hour.
Senior SOC Engineer - Remote (USA) Posted on Feb 16 / 2026

EmergencyMD

Manhattan, NY • Remote

$126K - $173K/yr

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Posted 15 days ago

Job description

About us

At Echelon Risk + Cyber, we believe in defending basic human rights to security and privacy. We seek a highly skilled and hands-on Security Operations Technical Lead to join our dynamic team at Echelon Risk + Cyber, a leading cybersecurity consulting firm. Our next team member will be ready to roll up their sleeves and identify opportunities for our clients and for Echelon internally with unquestioned integrity.

This team member will be passionate about cybersecurity and ready to use their knowledge to be an Entrepreneurial Problem Solver and work alongside their Echelon team members to build creative solutions. As the Security Operations Technical Lead, you will build and mature our SOC capabilities within our MSSP practice. The ideal candidate brings 7–10 years of MSSP experience (with at least 5 years on a SOC team) and a strong security engineering background across EDR/MDR, SIEM, Microsoft 365 security, and email security.

In this role, you'll guide day-to-day SOC operations, detection engineering, and incident response, while remaining primarily hands-on. At Echelon, you will have the opportunity to engage with clients, business partners and systems that are at the cutting edge of technology. We allow our employees to build from the ground up and make an impact across the organization.

We look for driven and proactive people who are eager to contribute to a distinct and thriving cybersecurity services organization and who can adapt to a rapid and changing environment. This is a remote position from anywhere in the USA.

What You Will Do

SOC leadership & maturity (no hiring duties):
* Establish and refine SOC processes (tiering, shift coverage, escalation paths, QA, SLAs/OLAs).
* Drive runbook discipline, training plans, and continuous improvement for service quality.
* Own SOC KPIs (MTTD/MTTR, detection efficacy, false-positive rate, case aging, CSAT/NPS).

Detection & response (hands-on):
* Build and tune detections in SIEM/XDR; develop correlation rules, parsers, and dashboards.
* Lead investigations and major incidents end-to-end; conduct post-incident reviews and reporting.
* Perform proactive threat hunting aligned to MITRE ATT&CK and emerging TTPs.

Tooling & platform engineering:
* Deploy, integrate, and operate EDR/MDR (CrowdStrike, SentinelOne, Blackpoint), Microsoft 365/Windows Defender, SIEM, SOAR, email security, vulnerability scanners, and NSM tools.
* Engineer log onboarding/normalization across cloud (AWS, Azure, M365, GCP), network, endpoint, identity, and SaaS sources.
* Build automation/orchestration playbooks to reduce MTTD/MTTR and analyst toil.

Service delivery & client engagement:
* Serve as technical point of contact for customers; present posture reviews and improvement plans.
* Define and meet service SLAs; contribute to SOWs, service catalogs, and onboarding playbooks.
* Coordinate with customer IT/CISO teams, vendors, and legal/compliance during incidents.

Risk, compliance & continuous improvement:
* Map detections, controls, and reporting to frameworks/standards (NIST CSF/800-53, CIS Controls, SOC 2, ISO 27001).
* Drive vulnerability and exposure management with risk-based prioritization.
* Run tabletop exercises, purple-team activities, and lessons learned.

Your knowledge, skills, and abilities

* Deep knowledge of SOC operations (triage, incident lifecycle, evidence handling, documentation).
* Strong grasp of Windows/*nix/AD/M365, identity security (SSO/MFA), network protocols, and cloud telemetry.
* Expertise in detection engineering and query languages (SPL, KQL, Elastic DSL, AQL).
* Familiarity with adversary emulation and frameworks (MITRE ATT&CK, D3FEND, CIS Controls).
* Understanding of email security (phishing, BEC), vulnerability scanning/patching, and network security monitoring (IDS/IPS, PCAP).
* Proficiency with SOAR concepts and playbook design (enrichment, containment, ticketing).
* Scripting/automation (PowerShell, Python, or equivalent) for enrichment, triage, and response.
* Clear written/verbal communication for executive briefings and technical reports.

Applicants must have authorization to work in the United States without current or future visa sponsorship.

Specific Qualifications

* Experience: 7–10 years in MSSP settings; 5+ years on a SOC team; 2–4+ years in a lead/technical lead capacity.
* Platforms (hands-on in several):
  * EDR/XDR/MDR: CrowdStrike, SentinelOne, Blackpoint, Microsoft Defender for Endpoint, Cortex XDR, etc.
  * Microsoft ecosystem: Microsoft 365, Windows Defender / Defender for Endpoint, Defender for Office 365, Azure security telemetry (KQL, Log Analytics, Sentinel).
  * SIEM: Splunk, Microsoft Sentinel, Elastic, QRadar, Exabeam, or similar.
  * SOAR: Splunk SOAR, Cortex XSOAR, Sentinel automation.
  * Email security & awareness: Mimecast, KnowBe4, Material Security, M365 Defender for Office 365.
  * Vulnerability management: Tenable, Qualys, or Rapid7.
  * NSM/IDS: Zeek, Suricata, commercial IDS/IPS.
* IR leadership: Proven track record leading medium/major incidents (ransomware, BEC, insider, cloud credential abuse).
* Cloud: Experience securing and monitoring AWS/Azure/GCP and M365 (identity and endpoint telemetry).
* Process: Built or matured playbooks, runbooks, use-case catalogs, and service reporting. Demonstrated KPI/OKR management.
* Certifications (nice to have): CISSP, GIAC (GCIA/GCIH/GCFA/GCDA/GMON), OSCP, Azure/Microsoft security (SC-200/SC-100), Splunk, CrowdStrike CCFR/CCFA, or similar.
* Availability: Able to participate in escalation/on-call rotation and support off-hours incidents as needed.
* Education: BS in CS/Cybersecurity or equivalent experience (experience > degree where applicable).

Why Echelon?

We are committed to creating an inclusive environment for our team with unquestioned integrity. If you have a special need that requires accommodation, please let your recruiter know. One of our core values is "People with Personality" and we want to allow you the space to bring your full self to work.

Benefits

* Access to medical, dental, and vision insurance through Cigna, with the majority of the employee cost covered by the employer.
* Employer funding to HSA accounts and FSA access.
* Access to a 401(k) through Vanguard with a guaranteed employer contribution.
* Flexible vacation policy that allows you to manage your schedule and rest and recharge when you need to.
* 11 holidays with flexibility based on what is important for you and those you love.
* Family-friendly benefits, including weeks off for maternity leave, weeks off for non-birthing parent leave, employer-paid short-term and long-term disability, employer-paid life insurance, and access to additional life insurance, hospital coverage, accidental coverage, discounted mental health support, and more.
* Support on individual development through certifications, continued learning, conferences, and more.

We value a diverse workforce and a culture of inclusivity and belonging. All employment decisions shall be made without regard to age, race, creed, color, religion, gender, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law. Echelon Risk + Cyber is an Equal Opportunity Employer.