SOC Detection Engineer (US Remote)

Remote
Full Time
Mid Level
At First Advantage (Nasdaq: FA), people are at the heart of everything we do. From our customers and partners to our greatest advantage — our team members. Operating with empathy and compassion, First Advantage fosters a global inclusive workforce devoted to the diverse voices that make up our talent and products. Our team members empower each other to be their authentic selves and treat all with respect, integrity, and fairness.

Say hello to a rewarding career, and come join a leading provider of mission-critical background screening solutions to some of the most recognized Fortune 100 and Global 500 brands.


Position Overview
We are seeking a skilled and forward-thinking Cybersecurity Engineer to join our Security Operations Center (SOC) team. In this pivotal role, you will be responsible for engineering, implementing, and supporting cutting-edge SOC tooling, including Security Information and Event Management (SIEM) platforms, Endpoint Detection and Response (EDR) systems, Security Orchestration, Automation, and Response (SOAR) solutions, and AI-driven security technologies. You will also be a key driver in building automations and integrating advanced analytics, ensuring our organization remains resilient in the face of ever-evolving cyber threats. This position works EST hours and requires working after hours as needed to support incident response as part of an on-call rotation.

For compliance reasons, all personnel must be United States Citizens and have, for 3 of the past 5 years, resided in the United States OR worked for the United States overseas in a federal or military capacity OR be a dependent of a federal or military employee serving overseas. In addition to our standard pre-employment background check and drug screen, you will be required to undergo additional checks to obtain an LAR certification via the proper channels in order to remain employed.

Key Responsibilities
  • Design, implement, and maintain SOC Tooling: Deploy, configure, and optimize SIEM, EDR, and SOAR platforms to support robust security operations, threat detection, and incident response.
  • Automation and Orchestration: Architect and develop automation workflows using SOAR platforms, leveraging scripting, APIs, and integration with other security tools to enhance operational efficiency.
  • AI and Advanced Analytics: Evaluate, implement, and maintain AI-powered security solutions for threat detection, anomaly detection, and automated response, collaborating with data scientists and security analysts.
  • Use of Query and Programming Languages: Develop and optimize complex detection rules, searches, and reports using query languages as well as scripting and programming languages (such as Python, PowerShell, or JavaScript).
  • Threat Detection and Incident Response Support: Collaborate with SOC analysts to tune detection logic, automate repetitive tasks, and ensure rapid, precise response to security incidents.
  • Incident Response: Provide hands-on support during security incidents, including investigation, containment, eradication, and recovery activities. Work with SOC analysts and other stakeholders to analyze incidents, develop response strategies, and implement corrective actions.
  • Security Monitoring: Continuously monitor enterprise systems, networks, and endpoints for suspicious activity, indicators of compromise, and vulnerabilities. Ensure security alerts are effectively triaged, investigated, and escalated as needed.
  • Integration and Engineering: Design and implement integrations between SIEM, EDR, SOAR, and other security or IT systems, ensuring seamless data flow and coordinated defense mechanisms.
  • Enterprise System Integration: Build and maintain connections between SOC tools and enterprise systems (such as ERP, HRIS, CRM, and other business applications) to enable comprehensive security monitoring and ensure visibility across the organization.
  • Continuous Improvement: Proactively monitor tool performance, analyze metrics, and drive improvements in detection, automation, and response capabilities.
  • Documentation and Knowledge Sharing: Create and maintain clear documentation for detection rules, automation workflows, and SOC tooling architecture. Share best practices with peers and mentor junior team members.
  • Collaboration: Work closely with IT, engineering, and application teams to ensure that security controls are integrated into business processes and technical solutions.
  • Compliance and Regulatory Support: Assist in ensuring SOC tooling and processes meet compliance requirements, such as PCI-DSS, HIPAA, GDPR, or industry best practices.
  • Participate in an on-call rotation as needed, typically once a month, to provide timely support for critical incidents and maintain the security posture of the organization.

Required Qualifications
  • Bachelor’s degree in Computer Science, Information Security, or a related technical discipline, or equivalent work experience.
  • Minimum of 5 years’ experience in cybersecurity engineering, SOC operations, or similar roles.
  • Hands-on experience with SIEM platforms, EDR tools, and SOAR solutions.
  • Proficiency building and maintaining automation and orchestration workflows using scripting languages (Python, PowerShell, Bash, etc.).
  • Strong skills in query languages for threat hunting and detection rule creation.
  • Experience integrating and supporting AI/ML security tools and applying analytics for threat detection.
  • Solid understanding of security operations, threat landscapes, and incident response methodologies.
  • Experience integrating security tools with APIs and developing custom connectors or enrichment scripts.
  • Experience integrating SOC tooling with enterprise systems for security monitoring and data correlation.
  • Excellent analytical, problem-solving, and troubleshooting abilities.
  • Strong verbal and written communication skills, with the ability to explain technical concepts to both technical and non-technical audiences.
  • Willingness to participate in an on-call rotation, typically once a month.

Key Attributes
  • Innovative Mindset: Enthusiasm for exploring and integrating new technologies to advance SOC capabilities.
  • Team Player: Collaborative spirit with a willingness to mentor, share knowledge, and support fellow engineers and analysts.
  • Adaptability: Comfort in a fast-paced, evolving environment with shifting priorities and new challenges.
  • Attention to Detail: Diligence in designing precise detection logic, automations, and documentation to ensure accuracy and reliability.
  • Ethical Approach: Unwavering commitment to upholding security, privacy, and compliance standards.

Preferred Qualifications
  • Relevant cybersecurity certifications.
  • Experience working with cloud security tools and environments and their native security features.
  • Knowledge of threat intelligence platforms, vulnerability management systems, and network security solutions.
  • Background in DevSecOps, CI/CD pipeline security, or security testing automation.
  • Familiarity with compliance frameworks and regulatory requirements.
  • Experience collaborating with cross-functional teams in large or complex enterprise environments.

Why First Advantage is Your Next Big Career Move  
First Advantage is going through a technology transformation! We are looking for experts who are excited to work with advanced technologies and provide best-in-class user experiences, drive the development and deployment of scalable solutions, and smoothly guide our agile teams and clients through meaningful changes as we continue to expand our impact.

What Are You Waiting For? Apply Today!
You have learned a little about us today – we want to learn about you! If you think this position and our company are a great fit for your areas of interest and expertise, tell us about you by applying now!

The salary range for this position is approximately $110,000-140,000 base annually. This range reflects our good faith estimate to pay fairly as to what our ideal candidates are likely to expect, and we tailor our offers within the range based on the selected candidate’s experience, industry knowledge, technical and communication skills, and other factors that may prove relevant during the interview process.

United States Equal Opportunity Employment:

First Advantage is proud to be a global leader in removing barriers and supporting our community members to ensure the changing demographics of the workforce are reflected in our hiring and employment practices. We value all of our candidates, employees, and clients, and place great emphasis on hiring and supporting qualified individuals in each role. We are an equal opportunity employer. We do not discriminate on the basis of race, color, ethnicity, ancestry, religion, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, veteran status, genetic information, or any other area protected by applicable law.

To comply with government Equal Employment Opportunity and/or Affirmative Action reporting regulations, we are requesting (but NOT requiring) that you enter this personal data. This information will not be used in connection with any employment decisions, and will be used solely as permitted by state and federal law. Your voluntary cooperation would be appreciated.

Invitation for Job Applicants to Self-Identify as a U.S. Veteran
  • A “disabled veteran” is one of the following:
    • a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or
    • a person who was discharged or released from active duty because of a service-connected disability.
  • A “recently separated veteran” means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.
  • An “active duty wartime or campaign badge veteran” means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.
  • An “Armed forces service medal veteran” means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Voluntary Self-Identification of Disability
Voluntary Self-Identification of Disability Form CC-305
OMB Control Number 1250-0005
Expires 04/30/2026
Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.
