Description
At Affinity Plus every employee understands how their work affects our members' experience, and we strive to provide an experience that can't be found anywhere else. Great service starts with great employees, and that is why we focus on providing not only the best place our members will ever bank but the best place our employees will ever work. Between our one-of-a-kind culture, incredible benefits, and work/life balance, we believe you will feel the Affinity Plus difference.
Position Summary
The Senior Security Operations (SecOps) Engineer is a hands-on senior individual contributor responsible for defending the organization against advanced cyber threats through high-fidelity detection, rapid response, and resilient security operations. This role anchors production incident response while owning and continuously improving the organization's SIEM and detection engineering capabilities. This position is Splunk-first, with primary tool ownership of Splunk Enterprise Security, including detection content, content lifecycle management, alert quality, performance optimization, and platform reliability. The Senior SecOps Engineer partners closely with Information Security, IT, Cloud, Infrastructure, and Security Architecture teams to measurably improve threat visibility, response efficiency, and the overall maturity of security operations.
Duties & Responsibilities:
Security Monitoring & Incident Response
- Support investigation and response activities for security incidents by collaborating closely with Information Security and responding to alerts generated by SIEM, EDR, cloud security, and other security platforms.
- Investigate high-severity and complex incidents, coordinating escalation as needed with Information Security and IT teams.
- Support incident response activities during major security events with Information Security, IT, and Cloud teams under the direction of designated incident response leadership.
- Partner with response teams to develop and communicate risk-based response decisions, including containment actions, during active incidents.
- Perform deep-dive forensic analysis and root-cause investigations following security events, and recommend control improvements to prevent recurrence.
- Participate in and help coordinate a 24/7 on-call rotation, responding to after-hours incidents as required.
Detection Engineering & Threat Hunting
- Own the end-to-end detection lifecycle in Splunk Enterprise Security, from hypothesis and development through production deployment, tuning, and retirement.
- Design, build, and tune high-signal detections that reduce false positives and improve mean time to detect and respond.
- Conduct proactive threat hunting using SIEM, endpoint, identity, and cloud telemetry to identify hidden or emerging threats.
- Analyze logs and telemetry to identify trends, anomalous behavior, and indicators of compromise.
- Leverage query languages such as SPL and KQL to build effective detection and investigative workflows.
Security Tooling & Automation
- Build, operate, and optimize Endpoint Detection and Response (EDR) solutions with a focus on scalability and automation.
- Provide subject matter expertise on detection engineering and SIEM architecture to security and IT partners, including guidance on logging, telemetry, and monitoring design.
- Support SIEM operations through use-case placement, data routing decisions, and ongoing platform enhancements.
- Collaborate on SOAR and security automation initiatives to streamline response and remediation workflows.
- Continuously evaluate tooling capabilities and recommend pragmatic improvements aligned to operational needs.
Vulnerability & Risk Management
- Act as the lead IT representative in vulnerability management processes, partnering with Information Security on risk prioritization, remediation coordination, validation, and reporting.
- Apply or coordinate approved security patches and upgrades for vulnerable systems and platforms.
- Partner with system owners to ensure timely remediation of critical vulnerabilities.
- Use vulnerability management platforms (e.g., Rapid7 InsightVM) to identify, prioritize, and track remediation of security risks.
Microsoft & Enterprise Security Platforms
- Operate and optimize Microsoft security technologies including Microsoft Sentinel, Defender, Entra ID, Intune, and Purview.
- Ensure relevant Microsoft and cloud telemetry is effectively ingested into Splunk for centralized detection and response.
- Collaborate with identity, endpoint, and core IT service teams to enhance protections across the Microsoft ecosystem.
- Support logging and monitoring strategy across cloud and on-premises environments.
Collaboration, Mentorship & Advisory
- Partner with Security Architecture, Cloud, Application, and Infrastructure teams on secure design and implementation efforts.
- Review third-party and vendor security assessments, identifying risks and tracking remediation activities.
- Provide expert security guidance and recommendations to project teams and business stakeholders.
- Mentor junior SecOps team members and contribute to a culture of security awareness and operational excellence.
- Communicate emerging threats, risks, and mitigation strategies to technical and non-technical stakeholders.
Qualifications and Skills
Required Qualifications
- 5+ years of progressive experience in security operations, incident response, SOC, or related cybersecurity roles.
- Demonstrated experience leading investigations of real-world security incidents in enterprise environments.
- Advanced understanding of security monitoring, detection engineering, and incident response frameworks.
- 4+ years of strong hands-on experience with SIEM platforms, with Splunk Enterprise Security preferred.
- Experience developing and tuning detections using SPL, KQL, or similar query languages.
- Deep experience with endpoint security and XDR platforms.
- Proven experience with vulnerability management programs and remediation workflows.
- Strong knowledge of network security concepts including firewalls, WAFs, IDS/IPS, and defense-in-depth strategies.
- Working knowledge of cloud security principles across AWS, Azure, and hybrid environments.
- Ability to clearly document events, incidents, findings, and remediation actions.
- Excellent communication skills with the ability to collaborate across technical and business teams.
Preferred Qualifications
- Bachelor's degree in Computer Science, Information Systems, Engineering, or equivalent practical experience.
- 4+ years of strong hands-on experience with Splunk administration, Microsoft Sentinel, or other enterprise SIEM platforms.
- Familiarity with SOAR platforms and security automation technologies.
- Experience supporting audits, penetration testing remediation, or regulatory assessments.
- Professional certifications such as CISSP, GCIH, GCIA, SC-200, Security+, or equivalent certifications from GIAC, (ISC)², or Microsoft.
Work Environment
This role is Virtual First. It requires reliable internet access and a home office setup, with the ability to travel onsite for required meetings and/or events.
Physical Requirements
- Sitting 90% and standing 10%.
- Working at a computer 90% of the day, utilizing the phone 10%.
- Bending, twisting, kneeling, stooping, or crouching when appropriate, on occasion.
- Repetitive movements, including but not limited to typing, using a mouse, phones, etc.
- Lift, carry, push, or pull up to approximately 30 pounds.
Requires onsite presence based on coordination of work with other employees and/or departments. May require travel to attend onsite meetings/events for collaboration, connection, project work, All-Employee Day, etc.
Required Work Schedule
Standard Monday through Friday business hours, with a willingness to work a flexible schedule as needed. Participation in a 24/7 on-call rotation and availability after hours for incident response, vulnerability remediation, system upgrades, or emergency support. Consistent and reliable attendance is a required essential function of this role to meet the needs of the department/team and organization.
Location
This position will have the opportunity to work virtually, but candidates should live in Minnesota or Wisconsin. Working onsite throughout the year for meetings and team events will be required; these are typically held in or near St. Paul, MN. Additionally, once hired, more time onsite may be required initially for collaboration and working sessions.
Compensation
This position has a starting pay range of $102,900 - $133,750 annually. In alignment with our commitment to pay transparency, we are providing a good-faith estimate of the pay range for this position. This range reflects what we anticipate offering a successful candidate based on factors such as the role's responsibilities, required qualifications, and relevant experience. The actual pay may vary depending on the selected candidate's skills, experience, and other qualifications.
Total Rewards
Affinity Plus offers a comprehensive Total Rewards package that goes beyond base pay. In partnership with the State of MN Employer Group, Affinity Plus provides low-cost medical, dental, and vision insurance coverage options. Additionally, Affinity Plus front-loads all sick time hours and a portion of vacation hours for all new employees, offers a variety of paid leave options, a monthly wellness benefit, and immediate 401(k) matching up to 5%. Our Total Rewards philosophy is designed to support your well-being and growth while fostering a fair and inclusive workplace.
Disclaimer
Applicants may be subject to a background and credit check. Applicants must be legally authorized to work in the U.S. without sponsorship. Employees in this position must be able to satisfactorily perform the essential functions of the position. If requested, Affinity Plus Federal Credit Union will make every effort to provide reasonable accommodations to enable employees with disabilities to perform the position's essential job duties. As markets change and the Organization grows, job descriptions may change over time as requirements and employee skill levels evolve. With this understanding, Affinity Plus Federal Credit Union retains the right to change or assign other duties to this position.
Application Deadline
Affinity Plus Federal Credit Union accepts applications on a rolling basis.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.