Security Operations Engineer II (Employer of Record)

📋 Description

• • Operate and tune enterprise security tools including EDR, SIEM/SOAR, WAF/proxy, and email security systems to detect and mitigate threats.
• • Manage proxy filtering policies, SSL inspection configurations, and performance troubleshooting for network security infrastructure.
• • Build automation and playbooks using Python, PowerShell, SOAR platforms, and APIs to streamline Security Operations tasks and reduce manual toil.
• • Implement CI/CD pipelines and Infrastructure-as-Code workflows to ensure consistent, auditable, and repeatable security configuration changes.
• • Author, tune, and validate detection rules to improve alert signal quality and reduce false positives across security toolsets.
• • Maintain and develop health dashboards, uptime metrics, coverage reports, and change governance documentation for security systems.
• • Conduct knowledge transfers through runbooks, how-to guides, tabletop exercises, and lunch & learn training sessions for team enablement.
• • Administer URL/category policies, identity-aware access controls, geo/risk-based filtering, and SSL inspection rules with performance optimization.
• • Analyze block events for false positives, measure operational impact, retire outdated exceptions on schedule, and report residual risk.
• • Build and maintain an automation backlog in partnership with the Security Operations team, prioritizing high-frequency, high-toil tasks.
• • Provide on-call support for tooling availability, data ingestion, and normalization issues as part of a 24/7 Security Operations Center.
• • Report incidents and outages following established procedures and coordinate with stakeholders for containment, eradication, and recovery.
• • Detect, analyze, and respond to security incidents using threat intelligence and incident response protocols.
• • Assist in developing testing criteria for new detection signatures and rules to enhance threat visibility.
• • Keep documentation, network diagrams, and asset inventories current and accurate to support compliance and operational continuity.
• • Monitor and respond to alerts from multiple security toolsets in real-time as part of continuous SOC operations.
• • Participate in on-call rotations that include nights, weekends, and holidays to ensure uninterrupted security coverage.
• • Remain compliant with company policies, processes, and legal guidelines while performing all assigned duties.
• • Work primarily remotely with occasional travel required to a Credit Acceptance corporate facility.
• • Regularly overlap with U.S. business hours to enable collaboration with global team members.
• • Synthesize complex security data into actionable insights and formal/informal reports for technical and non-technical audiences.
• • Apply knowledge of MITRE ATT&CK Framework and Cyber Kill Chain to identify attacker TTPs and improve defensive posture.
• • Demonstrate ownership of security tooling, automation initiatives, and operational outcomes with a proactive, solution-oriented mindset.
• • Communicate clearly and effectively across teams, influencing without authority and leading cross-functional security initiatives.
• • Maintain a high attention to detail, urgency in meeting goals, and pride in work quality while managing multiple priorities simultaneously.