Jobiglo

Security Engineer – Security Operations & Production

realtime · Miami

New
Mid 🇬🇧 English
Microsoft Defender Huntress Wiz Datadog Jira Slack KQL Logic Apps

Job description

About the role

We are seeking a mid-level Security Operations & Production Security Engineer to support Realtime’s growing security, architecture, and production operations. The role bridges security operations, detection engineering, incident response, cloud/identity security, and production readiness in a small, fast-moving team.

Key responsibilities

  • Monitor and triage alerts across Microsoft Defender, Sentinel, Huntress/MDR, Wiz, Datadog, Jira and Slack channels, validating severity, business impact and escalation needs.
  • Coordinate security events from initial triage through containment, documentation, closure and post-incident follow-up.
  • Develop, tune and maintain detection logic in Huntress, Defender, KQL and related tools, reducing false positives and alert noise.
  • Build and improve runbooks, investigation workflows and playbooks for phishing, malware, suspicious sign-ins, cloud exposure and account compromise.
  • Support basic SOAR/automation using Logic Apps, webhooks or other workflow tools.
  • Assist with incident response for endpoint, identity, cloud, email and suspicious activity events, including containment actions and evidence collection.
  • Maintain incident timelines, evidence logs and operational reporting, and ensure day-to-day security operations run smoothly.

Required profile

  • Mid-level professional with strong SOC experience looking to expand into security engineering and production support.
  • Hands-on, adaptable and comfortable wearing multiple hats in a small team.
  • Ability to work independently, prioritize alerts and coordinate with managed SOC/MDR partners.
  • Strong analytical and documentation skills for runbooks and incident timelines.

Required skills

  • Microsoft Defender
  • Microsoft Sentinel
  • Huntress (or MDR solutions)
  • Wiz
  • Datadog
  • Jira
  • Slack
  • KQL (Kusto Query Language)
  • Logic Apps
  • SOAR automation (e.g., playbooks, webhooks)

Frequently asked questions

The salary is not publicly disclosed by the recruiter. You can apply and negotiate directly with realtime.
Click "Apply now" at the top of the page. You can import your CV in 1 click: Jobiglo automatically extracts your information and applies for you.

Published 5 hours ago

Expires 1 month from now
