Mantis Security is seeking a Senior SOC Engineer to support cybersecurity operations within a cloud-enabled, mission-critical environment. This is a hands-on defensive role focused on monitoring, detection, and incident response.
The engineer will operate within a SOC/MDT, working with infrastructure teams to identify threats, investigate incidents, and improve detection capabilities. This role emphasizes execution and technical depth rather than leadership.
Key Responsibilities
- Perform security monitoring, alert triage, and incident response
- Investigate events to determine scope, impact, and root cause
- Execute containment, eradication, and recovery actions
- Conduct log analysis using SIEM tools (Splunk, OpenSearch, etc.)
- Develop and tune detections, correlation rules, and dashboards
- Perform threat hunting using hypothesis-driven approaches
- Analyze network traffic and system activity for threats
- Support vulnerability management and remediation efforts
- Document incidents and findings through clear reporting
- Collaborate with engineering teams to improve visibility and security posture
- Contribute to ATO packages and RMF artifacts
Technical Environment
- SIEM: Splunk, OpenSearch, Elastic
- Cloud: AWS Commercial and GovCloud
- Network Security: Firewalls, IDS/IPS
- Vulnerability Management: Nessus, ACAS
- Monitoring: GuardDuty, Security Hub
- Analysis Tools: Wireshark, tcpdump
Role Scope
This is a senior individual contributor role focused on executing SOC operations, improving detections, and strengthening defensive capabilities. It does not include team leadership or organizational responsibilities.
Required Qualifications
- Active TS/SCI clearance
- 10+ years of experience in SOC, cyber defense, or incident response
- Experience with security monitoring, investigation, and network defense
- Strong network fundamentals (routing, segmentation, firewalls, packet flow, SD-WAN)
- Proficiency with SIEM/log analysis platforms
- Experience contributing to RMF / compliance requirements
- Strong written communication skills
- Security+ (or IAT Level II equivalent)
Desired Qualifications
- Background in cyber defense, detection engineering, cloud, or network security
- Experience with AWS security tools (CloudTrail, GuardDuty, Security Hub, Config, IAM Access Analyzer, CloudWatch)
- Experience with vulnerability management tools (ACAS, Nessus, Tenable)
- Experience with threat hunting methodologies
- Familiarity with IDS/IPS, EDR, and network security tools
- Exposure to forensic analysis tools and techniques