Security Operations Engineer

Texas GovLink, Inc. is an Austin-based firm which has been a leading provider of technical and business professionals to clients in Texas. We are currently seeking an experienced Security Operations Engineer to be a key resource on a technical services team.

Texas GovLink offers its family of consultants excellent rates, a local support staff, and an attractive benefits package which includes medical insurance (TGL shares a percentage of the cost), life insurance, a matching 401(k) plan and a cafeteria plan.

Candidates selected for interview will be required to undergo criminal background checks and may be required to complete a drug screen in accordance with Federal and State Law.  Offers of Employment are contingent on a successful background check

Texas GovLink is an equal opportunities employer.

• Engineer, maintain, and tune SIEM platforms (Google SecOps, Gravwell), including correlation rules, dashboards, enrichment logic, and detection content.
• Configure, tune, and optimize IDS/IPS technologies (Corelight, Tipping Point, Cisco Firepower), including signature development and false-positive reduction.
• Perform packet capture (pcap) analysis to validate alerts, identify malicious traffic, and support investigations using Netwitness or Corelight.
• Conduct network traffic analysis to detect anomalies, lateral movement, and command‑and‑control activity.
• Strong understanding of network security architecture, including distributed sensors (Corelight), packet capture systems (NetWitness), and log pipelines (CRIBL, Gravwell, Google SecOps).
• Operationalize threat intelligence feeds within SOC platforms and customers, converting indicators into detection logic, correlation rules, and automated enrichment workflows.
• Continuously tune detection content based on intelligence‑driven insights, improving alert fidelity and reducing false positives across statewide monitoring.
• Develop and maintain orchestration playbooks within Cyware, integrating SIEM, EDR, threat intelligence, and ticketing systems to support statewide monitoring expansion and rapid incident handling.
• Support SOC operations by providing detection engineering, log onboarding, and data normalization.
• Develop and maintain network security monitoring infrastructure, including sensors, collectors, and log pipelines.
• Collaborate with Incident Responders to provide network‑level evidence, context, and threat validation.
• Produce engineering reports, tuning documentation, and platform health assessments.
• Implement detection logic aligned with MITRE ATT&CK, threat intelligence, and emerging adversary behaviors.
• Produce engineering documentation, tuning reports, platform health assessments, and detection coverage maps using data from Firepower, TippingPoint, Corelight, NetWitness, Microsoft Sentinel, and Google SecOps