Security Operations Engineer

Robert Walters
Abu Dhabi, UAE
Full-time
Senior
3 days ago

Full Job Posting

Overview

  • This is a high-impact, hands-on role for a security professional who enjoys creating clarity in complex environments and has experience building and maturing security capabilities.
  • The Security Operations Engineer will bring an engineering mindset to security program ownership: solving problems at scale, automating where possible, and designing capabilities that are durable, measurable, and defensible.
  • Strong communication is essential - this person will work across technical and non-technical teams and must be able to translate complexity into clarity for a range of audiences.

Key Responsibilities

  • Take full ownership of assigned security domains - build programs that start from a strong operational foundation and mature toward scalable, automated capabilities that evolve alongside the threat landscape and the firm's technology stack. Assignments will be determined based on team structure and may range from a focused set of primary domains to broad ownership across the full security operations portfolio.
  • Develop and maintain workplans for each assigned domain with clear milestones, dependencies, and measurable outcomes; manage progress with limited day-to-day oversight and adapt priorities as the team and program evolve.
  • Proactively identify gaps, risks, and opportunities within assigned domains and bring forward structured recommendations to leadership - backed by data and a clear implementation path.
  • Track and report on key metrics across assigned domains - maintaining accurate, up-to-date data on coverage, remediation progress, and program activity to support leadership reporting and decision-making.
  • Manage vendors and external partners supporting assigned domains. Hold partners accountable to SLAs, drive escalations, and evaluate opportunities to automate or replace manual dependencies.
  • Collaborate cross-functionally with infrastructure, GRC, compliance, and platform engineering teams to ensure security requirements are operationalized effectively and at scale.

Detect & Respond

  • Own and continuously mature Vista's detection and response capability in partnership with our MSSP. Set the standard for how threats are identified, investigated, and resolved across our environment.
  • Serve as the internal escalation point for Vista's MSSP. Investigate suspicious and malicious activity across Vista's environment and build and maintain investigation tooling, queries, and workflows that allow for faster and more consistent analysis. Where possible, automate runbook execution or integrate runbook logic into response workflows.
  • Escalate validated incidents, coordinate containment efforts, and document findings and investigative steps. Contribute to post-incident reviews to drive systematic improvements in Vista's detection and response processes.
  • Identify opportunities to improve detection fidelity and translate recommendations back to Vista's MSSP partner to reduce MTTD/MTTR.

Platform Protection

  • Own and operate Vista's platform protection program - maintain comprehensive coverage across devices, networks, and applications, and ensure the program evolves alongside the firm's technology environment.
  • Assess and validate monitoring coverage across the environment; identify gaps, prioritize remediation, and track closure with clear owners and timelines - coordinating with infrastructure teams and reporting progress in a transparent and consistent way.
  • Partner with Security Architecture to operationalize baseline security configurations across platforms. Leverage automation to validate configuration state, surface drift, and ensure findings are accessible to GRC.
  • Run vulnerability and misconfiguration scans across Vista's environment; drive remediation in collaboration with infrastructure teams and track findings transparently.
  • Ensure platform telemetry is properly ingested and available to Vista's MSSP; proactively identify and close logging gaps and report on coverage completeness.

Data Protection

  • Own and engineer Vista's data protection program - building monitoring capabilities at scale, ensuring visibility is comprehensive, and closing gaps systematically as they are identified.
  • Partner with Compliance, GRC, and the CISO to translate data classification and labeling requirements into technical controls; implement and validate those controls programmatically.
  • Build and maintain DLP policy logic. Tune rules over time based on investigative findings, past alerts, and emerging patterns in the threat landscape. Automate alert triage and routing where possible.
  • Leverage insights from the data loss program and broader threat landscape to contribute to firm-wide security awareness efforts and inform the risk register.

Identity & Access Management

  • Own and mature an IAM program covering users, non-person identities, and privileged access - with a focus on automation, consistency, and auditability at scale.
  • Build and maintain automated provisioning and deprovisioning workflows in partnership with infrastructure; define entitlement rules and ensure they are enforced systematically.
  • Collaborate with GRC on access recertification processes and drive automation of review workflows to reduce manual effort and improve cycle time.
  • Identify systems not currently integrated into standard IAM processes; engineer integrations to close coverage gaps and build toward a unified identity governance model.

Asset Management

  • Own and build an asset management program covering all devices, users, networks, applications, and data at Vista - with an emphasis on automated discovery, continuous inventory accuracy, and integration with downstream security functions.
  • Build and maintain tooling to identify shadow IT, onboard new assets systematically, and flag inventory gaps in real time.
  • Risk-rank assets programmatically and maintain CMDB accuracy.
  • Ensure vulnerability management, IAM, and other downstream functions can consume inventory data via reliable integrations.
  • Evaluate and manage asset discovery technology and drive automation of inventory processes to reduce manual overhead and improve coverage fidelity.

Threat Intelligence

  • Build and maintain a threat intelligence program that translates an evolving threat landscape into a clear, prioritized view of what matters most to Vista - and why.
  • Build and maintain the technical infrastructure that powers Vista's Threat Intelligence program - automating intelligence ingestion, enrichment, and distribution so that relevant signals reach the right systems and people without manual overhead.
  • Translate threat intelligence into prioritized, actionable guidance - providing data-driven recommendations to partners across Security, GRC, and Architecture to inform high-impact initiatives and investment decisions.
  • Support Vista's physical security program by managing vendors monitoring keywords, impersonations, and executive protection.
  • Hold partners accountable to timely, accurate outputs and identify opportunities to automate or enrich their feeds.

Secure Culture

  • Own and operate a secure culture program that evolves alongside the threat landscape and Vista's technology environment.
  • Configure, manage, and optimize security awareness training platforms to deliver firm-wide and role-based training in a programmatic way. Ensure enrollment, tracking, and reporting workflows are automated.
  • Design and execute social engineering simulations that mimic adversary tradecraft. Analyze results at scale, identify behavioral patterns, and surface opportunities for high-value intervention.
  • Treat human risk as a measurable, manageable variable. Rigorously assess the efficacy of awareness training at Vista as a security control using simulation results, completion data, and behavioral trends. Ensure data-driven conclusions are reflected in the risk register.

Key Requirements

  • Approximately 6 years of experience in security engineering, security operations, or a related field; experience in cloud security strongly preferred
  • Demonstrated engineering depth - hands-on experience building, configuring, and integrating security tools and platforms at scale
  • Proficiency in scripting or automation (e.g. Python, PowerShell) to drive operational efficiency and eliminate manual processes across security programs
  • Solid understanding of cybersecurity principles, frameworks, and common attack techniques, including those specific to cloud environments (e.g. misconfiguration, identity-based attacks, cloud-native threats)
  • Demonstrated ability to own and drive programs forward with limited day-to-day guidance
  • Experience managing or coordinating with external vendors or security partners
  • Strong analytical and problem-solving skills; able to work through ambiguous situations independently
  • Strong written and verbal communication skills, with the ability to document findings and present to technical and non-technical audiences

Preferred Qualifications

  • Experience with SIEM platforms, EDR tools, DLP solutions, vulnerability management tools, or cloud security posture management (CSPM) solutions
  • Experience building or maintaining SOAR playbooks or automated response workflows
  • Familiarity with cloud security frameworks and controls (e.g. CIS Benchmarks, CSA CCM, NIST CSF)
  • Familiarity with adversarial tactics, techniques, and procedures (TTPs)
  • Experience working within a ticketing or queue-based workflow environment
