Skip to main content

Security Operations Engineer in San Antonio

Job Description

We are seeking an experienced Network Security Engineer for a hybrid contract opportunity in San Antonio, Texas.

  • Engineer, maintain, and tune SIEM platforms (Google SecOps, Gravwell), including correlation rules, dashboards, enrichment logic, and detection content.
  • Configure, tune, and optimize IDS/IPS technologies (Corelight, Tipping Point, Cisco Firepower), including signature development and false-positive reduction.
  • Perform packet capture (pcap) analysis to validate alerts, identify malicious traffic, and support investigations using Netwitness or Corelight.
  • Conduct network traffic analysis to detect anomalies, lateral movement, and command‑and‑control activity.
  • Strong understanding of network security architecture, including distributed sensors (Corelight), packet capture systems (NetWitness), and log pipelines (CRIBL, Gravwell, Google SecOps).
  • Operationalize threat intelligence feeds within SOC platforms and customers, converting indicators into detection logic, correlation rules, and automated enrichment workflows.
  • Continuously tune detection content based on intelligence‑driven insights, improving alert fidelity and reducing false positives across statewide monitoring.
  • Develop and maintain orchestration playbooks within Cyware, integrating SIEM, EDR, threat intelligence, and ticketing systems to support statewide monitoring expansion and rapid incident handling.
  • Support SOC operations by providing detection engineering, log onboarding, and data normalization.
  • Develop and maintain network security monitoring infrastructure, including sensors, collectors, and log pipelines.
  • Collaborate with Incident Responders to provide network‑level evidence, context, and threat validation.
  • Produce engineering reports, tuning documentation, and platform health assessments.
  • Implement detection logic aligned with MITRE ATT&CK, threat intelligence, and emerging adversary behaviors.
  • Produce engineering documentation, tuning reports, platform health assessments, and detection coverage maps using data from Firepower, TippingPoint, Corelight, NetWitness, Microsoft Sentinel, and Google SecOps

Candidate must be a U.S. , pass required background checks, complete required cybersecurity, privacy, and operational training before gaining system access, and comply with TXCC security and data-handling requirements. Occasional after-hours support may be required with TXCC approval. Work must be performed from within the United States unless TXCC grants prior written approval.

The working position is Hybrid - On Site and Telework.

Minimum Requirements:

  • 5 years of SOC operations experience
  • 5 years of Hands‑on experience with IDS/IPS platforms, specifically Cisco Firepower and TippingPoint, including signature tuning, false‑positive reduction, and threat‑driven detection improvements.
  • 5 years of Advanced packet capture (pcap) and network analysis skills using Corelight, NetWitness, and CRIBL pipelines to identify anomalies, malicious traffic, and lateral movement.
  • 5 years of Experience maintaining and tuning EDR platforms, including CrowdStrike Falcon and SentinelOne, and integrating EDR telemetry into SIEM and orchestration workflows.
  • 5 years of Threat intelligence application expertise
  • 5 years of Develop detection logic aligned with adversary TTPs

:

  • 5 years Experience operationalizing threat intelligence by converting indicators and TTPs from Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant into SIEM rules, IPS signatures, and automated enrichment logic.
  • 5 years Experience operationalizing threat intelligence by converting indicators and TTPs from Recorded Future, ThreatMon, GreyNoise, Google Threat Intelligence, VirusTotal, and Mandiant into SIEM rules, IPS signatures, and automated enrichment logic.
  • 5 years Perform packet-level analysis to validate alerts and identify malicious activity
  • 5 years Serves as an escalation SOC analysts to support other SOC analyst and incident responders with enriched network-level intelligence
  • 5 years Proficiency with Google SecOps and Cyware (SOAR) orchestration, including building automated workflows that integrate SIEM, IDS/IPS, EDR (CrowdStrike, SentinelOne), threat intelligence, and Jira ticketing for SOC automation
  • 4 years Security Certifications (CISSP, CEH, GISF, GSEC, CySA+, Sec+)

What We Offer:

Sistema offers competitive pay and solid benefits, including medical, dental, and vision coverage. We keep things simple, focus on people, and prioritize long-term relationships with our clients and consultants.

Apply now if you’re a clear communicator, problem solver, and ready to work in a hybrid environment in San Antonio, Texas!

Security Operations Engineer in San Antonio

San Antonio, TX
Full time

Published on 06/30/2026

Share this job now