Information Security Engineer - Security Operations (SOC)
Harris Health System is the public healthcare safety-net provider established in 1966 to serve the residents of Harris County, Texas. As an essential healthcare system, Harris Health champions better health for the entire community, with a focus on low-income uninsured and underinsured patients, through acute and primary care, wellness, disease management and population health services. Ben Taub Hospital (Level 1 Trauma Center) and Lyndon B. Johnson Hospital (Level 3 Trauma Center) anchor Harris Health's robust network of 39 clinics, health centers, specialty locations and virtual (telemedicine) technology. Harris Health is among an elite list of health systems in the U.S. achieving Magnet® nursing excellence designation for its hospitals, the prestigious National Committee for Quality Assurance designation for its patient-centered clinics and health centers and its strong partnership with nationally recognized physician faculty, residents and researchers from Baylor College of Medicine; McGovern Medical School at The University of Texas Health Science Center at Houston (UTHealth); The University of Texas MD Anderson Cancer Center; and the Tilman J. Fertitta Family College of Medicine at the University of Houston.
Job Summary:
The Information Security SOC Engineer is a hands'on cybersecurity professional responsible for engineering, operating, and automating detection and response capabilities. The engineer designs and maintains content in Microsoft Sentinel (data connectors, analytics rules, hunting queries, workbooks), enhances protections with Microsoft Defender (Endpoint/XDR, Office 365, Identity), and builds automation using Azure Logic Apps.
Key Responsibilities:
Typical duties may include:
Detection Engineering & SIEM Operations (Microsoft Sentinel and Rapid 7)
' Own Sentinel content lifecycle including data ingestion, analytic rules, KQL queries, UEBA tuning, watchlists, and dashboards.
' Develop hunting queries and proactive threat detection logic.
' Implement incident enrichment and correlation across multiple data sources.
Endpoint, Email, and Identity Protection (Microsoft Defender)
' Engineer configurations within Microsoft Defender for Endpoint/XDR, Defender for Office 365, and Identity protection.
' Integrate Defender alerting with Sentinel for enhanced detection correlation.
Automation & Orchestration (Azure Logic Apps)
' Build, deploy, and manage Logic Apps SOAR playbooks for automated triage, enrichment, and response.
' Implement approval flows, track automation metrics, and improve MTTR.
Incident Response & Collaboration
' Support containment, eradication, and recovery of security incidents.
' Conduct post-incident reviews and update detection logic and processes accordingly.
Runbooks, Documentation & Continuous Improvement
' Maintain engineering runbooks, playbooks, and process documentation.
' Track SOC metrics and produce security operational dashboards.
Required Qualifications & Skills:
' Bachelor's degree in Cybersecurity/IT or equivalent experience.
' 2'4+ years in SOC, SIEM engineering, or detection/response roles.
' Experience building automation.
' Strong understanding of incident response and MITRE ATT&CK.
' Experience integrating MSSP feeds and third-party tools.
' Certifications such as SC'200, SC'100, AZ'500, Security+, CEH
' Strong analytical and communication skills.
' Team-oriented with a positive and professional approach.
Preferred Qualifications:
' Hands'on experience with Microsoft Sentinel (KQL, analytics rules, workbooks, connectors).
' Hands'on experience with Microsoft Defender (Endpoint/XDR, Office 365, Identity).
' Scripting experience (PowerShell, Python).
' Experience building automation using Azure Logic Apps.