Senior Security Engineer - SecOps

Truveta provides unprecedented real-world data and real-time intelligence, powered by a dataset built with and owned by US health systems united in a mission of Saving Lives with Data. Together, we power breakthrough medical discoveries, accelerate regulatory-grade evidence, and improve patient care. Today, Truveta enables research on more than 130 million de-identified patients across the US.    Achieving Truveta’s ambitious mission requires an incredible team of talented and inspired people with a special combination of health, software and big data experience who share our  company values . Responsibilities     Incident Response   Handle investigation and response to security incidents across endpoints, identities, email, cloud workloads, and SaaS applications   Act as a senior escalation point for SOC analysts during complex or ambiguous security events   Participate in on-call rotations and provide senior-level escalation support when needed   Lead or contribute to post-incident reviews (RCA, postmortems) and track remediation actions to completion   Ensure incidents are accurately documented for audit, compliance, and operational learning   Maintain and improve incident response runbooks, playbooks, and escalation procedures   Support incident readiness activities, including tabletop exercises and response drills     Detection Engineering & Automation   Develop, tune, and  maintain  Microsoft Sentinel analytics rules to improve detection quality and reduce false positives   Design and  optimize  KQL queries for investigations, threat hunting, and detection engineering   Integrate and  maintain  log sources and data connectors in Microsoft Sentinel, ensuring data quality and proper normalization   Build and  maintain  SOAR automation and playbooks (Logic Apps) for alert enrichment, triage, and response     Proactive Security & Posture   Perform proactive threat hunting across Microsoft Sentinel and Defender data to  identify  emerging or stealthy threats   Monitor and continuously improve detection coverage and security posture (e.g., Secure Score, exposure signals)     SOC Maturity & Collaboration   Track and report on SOC and incident metrics such as MTTD, MTTA, MTTR, alert volume, and detection effectiveness   Partner with engineering and infrastructure teams to drive long-term remediation and risk reduction   Contribute to the continuous improvement of SOC tooling, automation, and operational maturity   Help define and improve SOC processes, workflows, and standards     Continuous Learning   Stay current on threat intelligence, attacker techniques (MITRE ATT&CK), and the Microsoft security roadmap     Key Qualifications   The knowledge, skills, and abilities typically  acquired  through the completion of a  Bachelor’s degree in Cyber Security , Computer Science, Information Security, Information Systems, or a related field, or equivalent practical experience.   5+ years of experience in Security Operations (SOC), Incident Response, or Detection & Response role, with  demonstrated  ownership of complex security incidents.   Hands-on experience with Microsoft Sentinel (SIEM) and Microsoft Defender XDR (Defender for Endpoint, Identity,  Offic e  365, Cloud Apps).   P roficiency  in KQL (Kusto Query Language) for investigations, threat hunting, and detection engineering.   Experience designing, tuning, and maintaining SIEM detections and SOAR automation, including alert triage and response workflows.   Solid understanding of Azure cloud architecture, core services, and native security controls.   Familiarity with  Azure Entra ID, identity security concepts, RBAC, and IAM-related threats.   E xperience  with   handing   high-severity security incidents, including cross-team coordination and stakeholder communication.   Familiarity with MITRE ATT&CK, threat actor techniques, and modern attack methodologies across cloud, identity, and endpoint environments.   Experience supporting on-call rotations and working in a 24/7 or follow-the-sun SOC environment.   Strong written and verbal communication skills, with the ability to explain technical issues to both technical and non-technical audiences.   Ability to mentor junior analysts and contribute to the continuous improvement of SOC processes and tooling.   Relevant certifications such as Microsoft Security Operations Analyst Associate, Azure Security Engineer Associate, SC-200, SC-100,  CySA +, GCIH, GCIA, CISSP, or similar are strongly preferred.     Why  Truveta ?   Be a part of building something special. Now is the perfect time to join Truveta. We have strong, established leadership with decades of success. We are well-funded. We are building a culture that prior