Senior Cybersecurity Engineer

extra holidays
Remote: Full Remote
Experience: Senior (5-10 years)

Offer summary

Qualifications:

  • 5-7 years of security engineering experience.
  • Hands-on with CrowdStrike and QRadar.
  • Proficient in Python or PowerShell scripting.
  • Strong understanding of NIST 800-53.

Key responsibilities:

  • Design and implement security tools.
  • Lead incident investigations and responses.
Jacobs Large http://www.jacobs.com
10001 Employees

Job description

At Jacobs, we are dedicated to pushing the boundaries of innovation and delivering exceptional solutions to our clients. As a leader in our industry, we recognize the critical importance of synergies between cybersecurity, infrastructure, data, applications, and cloud technologies in today's digital landscape.

We are looking for a skilled and experienced Security Operations and Incident Response Engineer to support our Federal business. This role combines engineering expertise with hands-on incident response and security analysis. The successful candidate will design, configure, and optimize security tools, including CrowdStrike and QRadar, to enhance detection and response capabilities. US citizenship is required due to the sensitivity of federal engagements.

This role requires a broad understanding of cybersecurity principles, incident response procedures, and the ability to work in a fast-paced environment.

Location: Remote in the United States

Key Responsibilities:

* Security Engineering
  * Design, implement, and fine-tune security tools and solutions, including EDR (CrowdStrike), SIEM (QRadar), and other security platforms.
  * Develop and maintain detection rules, alerts, and dashboards to improve visibility and threat detection.
  * Integrate and optimize threat intelligence feeds to enhance correlation and alerting capabilities.
  * Troubleshoot and resolve performance issues in security tools and systems.

* Incident Response
  * Lead and participate in investigations of security incidents, ensuring rapid containment and remediation.
  * Conduct forensic analysis on compromised systems to identify root cause, IOCs, and fortification strategies.
  * Document and report findings to stakeholders, including technical details and remediation recommendations.

* Security Operations (SecOps)
  * Actively monitor and manage security events, responding to alerts from SIEM and security tools.
  * Perform threat hunting to proactively identify and mitigate risks.
  * Coordinate with internal and external teams to ensure continuous monitoring and rapid threat response.

* Compliance and Federal Standards
  * Align engineering and operations activities with federal requirements such as CMMC, NIST 800-53, FISMA, and FedRAMP.
  * Support efforts to achieve and maintain CMMC certification requirements.
  * Assist in audit assessments, providing technical documentation and evidence for CMMC and other federal compliance frameworks.

* Continuous Improvement
  * Evaluate and recommend enhancements to security tools and processes.
  * Develop and maintain runbooks, SOPs, and engineering documentation for security operations and tools.
  * Stay current with emerging threats, vulnerabilities, and industry best practices to continuously evolve the environment.

* Reporting
  * Help generate and deliver daily, weekly, and monthly reports on security incidents and SOC activities.

* Soft Skills
  * Strong analytical and problem-solving skills.
  * Excellent communication and interpersonal skills.
  * Ability to work in a fast-paced, high-pressure environment.
  * Attention to detail, critical thinking, and a strong work ethic.

As a Jacobs innovator, you’ll collaborate with a team of geographically dispersed IT and business experts, while each of you discovers what drives you. At Jacobs, we believe in #TogetherBeyond, living inclusion, diversity, and cohesion; nurturing opportunity and encouraging career growth through mentorship and exemplary leadership; operating with the utmost integrity. We’ll help you grow, pursue, and fulfill what inspires you - so we can make big impacts on the world, together.

* Must be a US citizen.
* 5-7 years of experience in security engineering, operations, or incident response roles, including tool tuning and optimization.
* Hands-on experience with security tools such as CrowdStrike, QRadar, Proofpoint, and other security and vulnerability management platforms.
* Proficient in scripting or automation (Python, PowerShell, or similar) to improve workflows and tool integration.
* Strong understanding of security frameworks and standards (e.g., CMMC, NIST 800-53, CIS Controls).
* Strong experience with network and endpoint security, including forensic techniques.

Preferred Qualifications:
* Certifications such as CISSP, GIAC (e.g., GCED, GCIA, GCIH), or CISM.
* Familiarity with cloud security tools and environments (AWS, Azure, GCP, or OCI).
* Experience with advanced threat hunting and malware analysis techniques.
* Knowledge of orchestration tools like SOAR for automating workflows.

Required profile

Experience

Level of experience: Senior (5-10 years)
Spoken language(s): English