Lead Security Engineer

About Calian

At Calian, we help organizations overcome obstacles, manage risks, and drive progress. Since 1982, we’ve grown from a small consulting firm into a trusted global company across defence, space, health, nuclear energy, public safety, and government.

We create innovative solutions that tackle complex challenges and help organizations and communities stay resilient, informed, and connected. If you’re driven by purpose and energized by solving real-world challenges, we want you on our team.

Job Type: Full Time

Position Overview

We are seeking a Lead Security Engineer to serve as the technical authority and Incident Commander for high-severity security events across our client base.

This role requires deep expertise in CrowdStrike Falcon and NGSIEM, with the ability to lead complex investigations, coordinate response efforts, and drive detection maturity across a multi-tenant MSSP environment.

While CrowdStrike will be the primary platform, the ideal candidate must be comfortable operating across multiple security technologies and telemetry sources.

This is a hands-on leadership role with on-call responsibilities.

Responsibilities

Incident Command & Response Leadership

• Serve as Incident Commander for high-severity and complex security incidents.
• Lead coordinated response efforts across SOC analysts, engineers, and client stakeholders
• Establish investigation strategy, task delegation, and communication cadence
• Drive containment, eradication, and recovery decisions
• Conduct post-incident reviews and root cause analysis
• Deliver executive-level incident briefings to clients

CrowdStrike & NGSIEM Engineering

• Architect and optimize CrowdStrike NGSIEM environments
• Develop and tune detection logic within NGSIEM
• Design ingestion strategies aligned with MSSP scale and cost efficiency
• Leverage Falcon telemetry for deep endpoint investigations
• Perform advanced query development and threat hunting
• Identify telemetry gaps and improve detection coverage

Multi-Platform Security Operations

• Investigate incidents across:Endpoint (CrowdStrike Falcon + other supported platforms)SIEM (NGSIEM + other supported platforms)Identity providersFirewall and network telemetryCloud platforms (AWS/Azure/GCP)Correlate signals across disparate systems to build complete attack narrativesSupport integration efforts with SOAR platforms

Detection Engineering & Threat Hunting

• Develop detection strategies aligned to MITRE ATT&CK
• Conduct proactive threat hunts
• Reduce false positives through rule refinement
• Collaborate with automation engineering to improve IR workflows

On-Call & Operational Responsibilities

• Participate in on-call rotation for high-severity incidents
• Provide after-hours escalation support
• Lead response during active security events regardless of time zone
• Ensure incident documentation meets quality standards

Mentorship & SOC Leadership

• Mentor Analyst & Engineering Team
• Establish investigation standards and quality benchmarks
• Improve escalation pathways
• Contribute to SOC maturity initiatives

Other duties as required within the context of the role.

Qualifications

Required Qualifications

• 10+ years in cybersecurity operations, incident response, or security engineering
• 4+ years hands-on experience with CrowdStrike Falcon Platform
• Direct experience with CrowdStrike NGSIEM (Strongly Preferred)
• Demonstrated experience serving as Incident Commander or IR Lead
• Experience designing or deploying security technologies
• Strong endpoint forensics and telemetry analysis capabilities
• Experience in MSSP or multi-client environments preferred
• Excellent written and verbal communication skills (technical and executive-level)

Preferred Experience

• Experience in architecting SIEM ingestion strategies
• Experience deploying EDR at scale
• Familiarity with SOAR platforms
• Experience integrating identity and cloud telemetry into SIEM
• Knowledge of MITRE ATT&CK and adversary emulation
• Background in threat hunting and adversary emulation

Technical Skill Set

• CrowdStrike Falcon platform expertise
• CrowdStrike NGSIEM advanced query development
• CrowdStrike NGSIEM advanced dashboard development
• Security architecture design
• Detection engineering
• Incident command methodology
• Threat hunting techniques
• Log correlation & telemetry strategy
• Cloud security telemetry
• API integrations (preferred)

Must be eligible to work for any U.S. employer without the need for sponsorship now or in the future

Compensation

This role offers a base salary range of $140,000–$160,000, with eligibility for an incentive bonus as part of the overall compensation package.

Vacancy

We have 1 available position(s).

AI Usage Disclosure

At Calian, we do not use Artificial Intelligence (AI) to screen or evaluate candidates. AI tools may support backend administrative tasks, but they do not influence hiring decisions. All evaluations and decisions are made by real people on our recruitment team and hiring managers. All applicants are reviewed and only those chosen for an interview will be contacted by our recruiting team.

How we hire

Our approach

Experience and accommodations

CV and cover letter tips

Interview tips

Our decision