
Description
Together we change lives.
Kelly is a team of experts driven by our belief that the impact of the right person in the right job is limitless.
No matter where you are in your career journey, you can apply your knowledge and passion to move people, organizations, and communities forward. You'll have opportunities to grow your expertise and capabilities, both professionally and personally. As a team, we celebrate inclusion, caring, and collaboration. As a company, we value your contribution, we work with integrity, and we always put people first - so your impact really will change lives.
As a Kelly Services Operations Security Engineer, you will be tasked with strengthening and modernizing our enterprise security posture. You will serve as a Level 3 escalation point for the SOC, supporting cybersecurity incident response operations and taking ownership of key security platforms across endpoint, network, identity, cloud, and data protection. This is a hands-on and collaborative role, partnering with SOC analysts, Infrastructure Engineering, and Cloud Security to embed best practices, improve detection and response, and ensure full coverage across the enterprise while safeguarding sensitive data, enterprise identities, and mission-critical systems. Expect to work directly on cyber-security incidents end-to-end, maintain and improve security platforms, conduct targeted threat hunts, and provide guidance to junior staff.
What You'll Be Accountable for:
- Defend enterprise identities, endpoints, data, and cloud services from emerging cyber threats.
- Own and improve enterprise security platforms that span endpoint, identity, data, and cloud.
- Act as a senior escalation point during incident response.
- Share knowledge with SOC analysts while also learning from senior engineering and architecture teams.
- Role balance: approximately 50/50 between platform operations (KTLO, i.e., keep-the-lights-on work: updates, deployments, maintenance, improvements) and incident response operations.
Cyber-Security Incident Response
- Contribute to day-to-day incident response operations, including playbook execution, escalations, and incident reviews.
- Work closely with SOC analysts to ensure escalated incidents are handled thoroughly and consistently.
- Act as a SOC Level 3 (L3) escalation point for high-severity or complex incidents.
Security Platform Operations
- Administer, update, and improve core security platforms (e.g., SIEM/SOAR, EDR, identity protection, endpoint security, cloud monitoring).
- Deploy & integrate security appliances/images: Stand up security tool images on VMs and cloud instances, integrate with enterprise networking/identity/management planes, and configure routing, certificates, and high availability.
- Enterprise log collection: Onboard infrastructure systems and appliances to centralized logging (syslog, agents, APIs); ensure parsing/normalization, time sync, and completeness of ingestion into SIEM/SOAR.
- Health & coverage KPIs: Maintain and report sensor/agent coverage (deployment %, version, tamper status) and drive remediation for gaps.
- Perform “keep the lights on” activities such as patching, upgrades, health checks, and integrations.
- Coordinate with vendors and managed SOC providers to resolve platform issues or request tuning.
- Periodically review coverage to validate endpoint, network, and identity protection.
Endpoint Security
- Maintain and enhance endpoint security across Windows, macOS, and mobile devices.
- Ensure agents are properly deployed, updated, and healthy across the enterprise.
- Policy management & deployment: Manage EDR/anti-malware, host firewall, device control, disk encryption, and hardening baselines; use staged/ring rollouts with scoped exceptions and allow/deny lists; monitor impact, reduce noise, and preserve coverage via endpoint management platforms (e.g., MDM, configuration management).
- Investigate endpoint alerts and suspicious activity; coordinate escalations with SOC analysts.
- Identify and remediate gaps in endpoint visibility or coverage.
Email & Collaboration Security
- Reduce phishing click-through rates and time-to-remediate through tuned detections and streamlined response workflows.
- Improve investigation and remediation for email/collaboration threats (e.g., malicious links/attachments, mailbox rule abuse, external sharing risks).
- Security policy management & deployment: Own and deploy mail hygiene and collaboration policies—anti-phish/anti-malware, link/attachment protection, sender authentication (SPF/DKIM with DMARC alignment), transport rules, DLP, and external sharing controls—using staged rollouts, change control, and targeted exceptions; measure efficacy and user impact and tune accordingly.
- Coordinate purge/quarantine actions, campaign searches, and user communications.
- Partner with end-user engineering and awareness teams to strengthen ongoing hygiene.
Data Protection & Governance
- Ensure monitoring and controls are applied consistently across endpoints, cloud services, and identities.
- Investigate and respond to potential data loss or misuse incidents with SOC and compliance teams.
- Support enforcement of enterprise data security policies (e.g., DLP, encryption, retention).
- Embed data protection best practices into day-to-day operations with engineering and business teams.
Threat Hunting & Intelligence
- Perform targeted hunts based on industry advisories and threat intelligence feeds.
- Validate detections by correlating intelligence with enterprise telemetry.
- Document findings and coordinate remediation with SOC and engineering teams.
Identity & Access Security
- Monitor and investigate alerts related to privileged access and unusual sign-in activity.
- Integrate identity events (sign-in, privilege changes, risk signals) into incident response workflows so they are handled consistently.
- Support the enforcement of Conditional Access and MFA policies.
Cloud Security Integration
- Partner with cloud engineering to ensure that cloud posture findings and cloud-native detections are integrated into SOC workflows.
- Maintain consistent incident response coverage across hybrid and multi-cloud environments.
Collaboration & Knowledge-Sharing
- Provide guidance and knowledge-sharing to SOC analysts and junior InfoSec team members.
- Learn from senior engineering and architecture teams in network, cloud, and IAM domains to expand your own technical depth.
- Contribute to documentation and refinement of playbooks, runbooks, and escalation processes.
Essential Skills, Knowledge & Experiences:
- 7+ years in security engineering or operations within enterprise environments.
- Experience with SOC platforms, including SIEM, SOAR, EDR, vulnerability management, and cloud security tools.
- Hands-on incident response (triage, containment, evidence collection, root-cause analysis) and practical threat hunting (SIEM/EDR queries mapped to MITRE ATT&CK).
- Broad technical background across endpoints, servers, networking, identity, and data protection, with deep knowledge of operating systems (Linux, Windows), threat intelligence, and enterprise security tooling (SIEM, EDR, SOAR, IDS/IPS).
- Proven results in alert noise reduction and true-positive lift through detection tuning and exception scoping.
- Proficiency with query languages used for SIEM/EDR hunting (e.g., KQL or SQL-like languages).
- Experience deploying and integrating security appliances/images on VMs/cloud and building enterprise log-collection pipelines (syslog/agents/APIs) into SIEM/SOAR, including parsing/normalization and data-quality monitoring.
- Exceptional analytical and problem-solving skills to dissect complex security incidents.
- Familiarity with frameworks such as NIST CSF and MITRE ATT&CK.
- Scripting ability in Python, PowerShell, or equivalent.
- Strong communication and collaboration.
Nice to Have
- Certifications such as:
  - CompTIA Security+, CySA+, or CASP+
  - GIAC certifications (e.g., GCIH, GCIA, GCFE, GSEC)
  - Microsoft SC-200 / SC-300
  - Other vendor-specific security or cloud certifications
  - Equivalent experience will be considered in place of certifications.
- Experience with network security and next-generation firewalls.
- Familiarity with enterprise vulnerability management programs.
- Participation in tabletop exercises, purple-team hunts, or incident reviews.
- Exposure to Zero Trust designs and enterprise cloud security models.
Work Setup & Travel
- Remote (U.S.) with occasional travel for on-site workshops, incident response activities, or key engineering initiatives (e.g., Troy, MI; Chicago, IL; Ashburn, VA).
Total compensation package and benefits applicable to the position: we understand that each person has unique professional and personal needs, so our benefits focus on your total well-being. Explore our range of benefits for full-time employees at: https://rs.benefitsatkelly.com/
Kelly is an equal opportunity employer committed to employing a diverse, equitable, and inclusive workforce, without regard to race, gender, disability, protected veteran status, sexual orientation, gender identity, or any other protected characteristic. Equal Employment Opportunity is The Law.