Lead Security Engineer
Fountain Hills Technologies
Job Description
Lead Security Engineer (SIEM/EDR/IR) – MSSP
Location: Coimbatore, Tamil Nadu (Full-time)
Shift: 8:00 PM – 5:00 AM IST (MT business hours alignment)
Reports To: Security Operations Manager (solid-line)
Dotted Line: CEO (United States) for security stack strategy, POC prioritization, and major tooling decisions
The Mission
Fountain Hills Technologies is an Arizona-based MSSP expanding our 24/7 India operations. We’re seeking a senior, hands-on security engineer to own the security-technical direction of our SOC: improving detection quality, strengthening incident response, and ensuring our tooling and processes deliver consistent outcomes for U.S. customers (CT/ET today, growing MT). This is a high-ownership role with regular customer-facing involvement and measurable impact on operational effectiveness.
Core Responsibilities
- Security Technical Leadership: Set the technical standard for SOC investigations—what “good” looks like for triage, evidence capture, timelines, and escalation quality.
- Detection Engineering & Tuning: Own detection strategy and continuous improvement (use-case quality, tuning, noise reduction, enrichment, and correlation guidance).
- Incident Response Program (Security Lens): Build and mature IR playbooks and standards (severity criteria, evidence requirements, containment options, PIR improvements).
- L3 Escalation: Serve as the primary security escalation point for complex investigations and high-severity incidents; guide containment and remediation coordination.
- Automation & Enrichment: Reduce manual effort and improve speed/consistency by building lightweight automations for enrichment, evidence gathering, and investigation acceleration.
- Tooling Strategy + Modernization: Continuously research modern security capabilities, identify gaps, recommend improvements, and drive measurable outcomes.
- POC Leadership (Internal + Customer): Lead security-side POCs end-to-end—define success criteria, test coverage, and operational fit; document results; and drive rollout readiness (runbooks, training, and support model).
- Customer-Facing Technical Support: Join technical sales and customer calls to validate solutions, explain security findings, and build confidence in our approach.
- Operational Collaboration: Partner with the Ops Manager to turn lessons learned (PIRs, recurring patterns) into runbooks, tuning changes, and repeatable workflows.
Required Qualifications
- Experience: 10+ years in security operations/security engineering (SOC/MSSP experience strongly preferred).
- Hands-On SIEM + EDR/XDR Depth: Proven experience building/tuning detections, improving signal quality, guiding investigations, and operating EDR/SIEM workflows.
- Strong Security Fundamentals: Comfortable with endpoint, identity, email, and network attack patterns and how they appear in telemetry; able to guide investigation and containment decisions.
- IR Maturity Mindset: Demonstrated ability to create practical playbooks, raise evidence/communication standards, and improve response consistency.
- Automation Requirement: Ability to perform basic scripting/automation for enrichment (PowerShell and/or Python) to reduce manual investigation steps and improve escalation quality/speed.
- Communication: Excellent written/spoken English for customer calls, incident briefings, and internal leadership communication.
- Ownership & Judgment: Calm under pressure; able to make clear recommendations and drive work to completion.
Tools & Platforms (partial)
- Security & Identity: CrowdStrike (EDR/XDR), ThreatMate, FortiMail, KnowBe4, DNSFilter
- Infrastructure & Networking (awareness required): Palo Alto Firewalls, Cisco Meraki, Datto RMM
- Service Management: Zoho Desk
What Success Looks Like
- Higher Signal, Less Noise: Measurable reduction in false positives and improved true-positive handling and triage speed.
- Stronger IR Execution: Playbooks and evidence standards are consistently followed; PIR actions lead to real, tracked improvements.
- Better Escalations: Frontline escalations arrive complete (timeline, evidence, hypothesis, “what’s been tried”), reducing back-and-forth.
- Tech Stack Progress: A repeatable POC framework is in place; security tooling evolves continuously with clear ROI (coverage, speed, automation).
- Customer Confidence: Clearer explanations, better outcomes, and stronger technical leadership on customer calls.