Job Summary
The Threat Defense Engineer supports the Threat Defense Engineering team by assisting with the tuning, filtering, and optimization of security technologies across Fortified Health Security customer environments. This is a hands-on technical support role focused on improving alert quality, reducing false positives, validating detection behavior, and supporting tuning efforts during new customer implementations and ongoing service delivery.
This position works closely with Senior Engineers, Implementation Teams, TDC analysts, and other cross-functional partners to help ensure security monitoring technologies are properly configured, tuned, and aligned with operational requirements. The role is intended for an early-career engineer with foundational experience in security operations, SIEM/MDR tools, endpoint technologies, and enterprise security monitoring. Scripting or automation experience is not required but is considered a plus.
Essential Job Functions
The following duties are normal for this position. The omission of specific statements of duties does not exclude them from being expected of this position if the work is similar, related, or a logical assignment for this position. Other duties may be required.
In this role, the Threat Defense Engineer will support the tuning, filtering, validation, and optimization of security detection and monitoring services across Fortified Health Security customer environments. This position focuses on improving alert quality, reducing false positives, supporting implementation tuning, and ensuring security technologies remain aligned with customer requirements and TDC operational needs. The role requires foundational knowledge of security operations, alerting technologies, enterprise IT environments, and customer-facing managed security services.
Responsibilities include, but are not limited to:
- Assist with tuning and filtering efforts across SIEM, MDR, EDR, and related security technologies.
- Review recurring alerts, false positives, noisy detections, and duplicate events to identify tuning opportunities.
- Support implementation tuning efforts for new customer environments, including validating alert behavior, filters, exclusions, and notification logic.
- Work with Senior Engineers to apply approved tuning changes, suppression logic, filters, allowlists, and detection adjustments.
- Help validate that tuning changes reduce noise without creating visibility gaps or suppressing meaningful security activity.
- Review alert trends and analyst feedback to identify opportunities for improved detection quality.
- Assist with documenting tuning decisions, technical changes, customer-specific logic, and operational considerations.
- Support the creation and maintenance of runbooks, playbooks, and internal engineering documentation.
- Collaborate with TDC analysts to understand alert pain points, escalation quality issues, and recurring operational challenges.
- Participate in quality review efforts to ensure alerts are actionable, properly routed, and aligned with service expectations.
- Assist with customer onboarding and implementation activities related to alert tuning, filtering, and monitoring readiness.
- Escalate complex tuning, detection logic, or platform issues to Senior Engineers or Management as appropriate.
- Support basic troubleshooting of alerting workflows, integrations, notification paths, and platform configuration issues.
- Maintain awareness of customer-specific monitoring requirements, technology stacks, and escalation expectations.
- Contribute to continuous improvement efforts focused on alert fidelity, operational efficiency, and TDC effectiveness.
- Use scripting or automation tools when applicable to support repeatable tasks; scripting is preferred but not required.
Knowledge & Skills
Education & Experience
- Bachelor’s Degree in Computer Science, Information Security, Cybersecurity, Information Technology, or a related field preferred; equivalent hands-on experience may be considered.
- 1–3 years of related experience in information security, security operations, IT operations, or a similar technical support role preferred.
- Foundational understanding of Security Operations Center workflows and alert triage processes.
- Hands-on experience working within a 24x7 Security Operations Center preferred.
- Experience working with or supporting security technologies such as:
  - SIEM platforms
  - MDR platforms
  - Endpoint Detection and Response (EDR) tools
  - Cloud security tools
  - Network security monitoring tools
  - Threat intelligence or dark web monitoring platforms
- Direct experience supporting TDC Operations or Security Engineering functions preferred.
- Experience operating within an MSSP model preferred.
- Healthcare industry experience preferred.
- Familiarity with HIPAA/HITRUST frameworks preferred.
- Scripting or automation experience using Python, PowerShell, Bash, or similar languages is a plus but not required.
Special Skills & Knowledge
- Proficient understanding of the following subject matters/skills:
  - SIEM, MDR, EDR, and related security monitoring technologies.
  - Alert tuning, filtering, suppression, and false-positive reduction concepts.
  - Basic security event analysis across endpoint, identity, network, cloud, and email security sources.
  - Common security telemetry types, including authentication logs, endpoint alerts, firewall events, cloud activity, and email security events.
  - Documentation of tuning decisions, configuration changes, and operational procedures.
  - Basic troubleshooting of alerting workflows, integrations, and notification issues.
  - Foundational understanding of MITRE ATT&CK and common attack behaviors.
  - Foundational understanding of cloud and enterprise IT environments.
  - Scripting or automation concepts preferred but not required.
- Working knowledge of the following subject matters/skills:
  - Detection tuning and alert optimization across multiple security platforms.
  - Identifying noisy, duplicate, low-value, or misconfigured alerts.
  - Reviewing analyst feedback to identify tuning opportunities.
  - Supporting tuning efforts during new customer implementations and technology onboarding.
  - Understanding the difference between safe tuning and tuning that may create visibility gaps.
  - Applying approved filters, exclusions, allowlists, and suppression logic under Senior Engineer guidance.
  - Validating tuning changes to confirm alerts remain accurate, actionable, and properly routed.
  - Escalating complex detection logic, platform behavior, or customer-impacting issues to Senior Engineers.
  - Maintaining runbooks, playbooks, and internal engineering documentation.
  - Supporting continuous improvement efforts related to alert fidelity, TDC efficiency, and customer service quality.
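The responsibilities above ("validate that tuning changes reduce noise without creating visibility gaps") and the skill listed here ("the difference between safe tuning and tuning that may create visibility gaps") describe one concrete check: replay analyst-labelled alerts through a candidate suppression rule and reject any rule that silences a confirmed true positive. The Python below is an added example and is not code from Fortified Health Security or from this job description; the alert fields, host names, user names, rule names and sample alerts are all constructed for illustration.

```python
"""Regression-check candidate suppression rules before they go live.

Added example, not part of the job description. All alerts, host names,
users and rules below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Alert:
    name: str            # detection that fired
    host: str            # host the alert was raised on
    source: str          # host the activity originated from
    user: str
    process: str
    true_positive: bool  # analyst-labelled ground truth (constructed)


# Constructed sample: a patch-management server trips a "remote service
# install" detection on every run, which analysts have confirmed benign.
SAMPLE_ALERTS: List[Alert] = [
    Alert("remote_service_install", "ws-0412", "patch-mgmt01", "svc_patch", "psexec.exe", False),
    Alert("remote_service_install", "ws-0418", "patch-mgmt01", "svc_patch", "psexec.exe", False),
    Alert("remote_service_install", "ws-0520", "patch-mgmt01", "svc_patch", "psexec.exe", False),
    # Lateral movement by an interactive user: must keep firing.
    Alert("remote_service_install", "fs01", "ws-0077", "jdoe", "psexec.exe", True),
    # Same service account but from an unexpected source host (credential
    # reuse): must keep firing. This is the case that breaks user-only tuning.
    Alert("remote_service_install", "dc01", "ws-0099", "svc_patch", "psexec.exe", True),
    Alert("suspicious_powershell", "ws-0412", "ws-0412", "jdoe", "powershell.exe", True),
]

# A rule returns True when the alert should be suppressed.
Rule = Callable[[Alert], bool]

# Three candidate rules for the same noise, from broadest to most scoped.
CANDIDATE_RULES: Dict[str, Rule] = {
    "broad": lambda a: a.name == "remote_service_install",
    "user_only": lambda a: a.name == "remote_service_install" and a.user == "svc_patch",
    "scoped": lambda a: (
        a.name == "remote_service_install"
        and a.user == "svc_patch"
        and a.source == "patch-mgmt01"
    ),
}


def evaluate_rule(rule: Rule, alerts: List[Alert]) -> dict:
    """Replay alerts through a rule and report what it would hide."""
    suppressed = [a for a in alerts if rule(a)]
    lost = [a.host for a in suppressed if a.true_positive]
    return {
        "suppressed": len(suppressed),
        "remaining": len(alerts) - len(suppressed),
        "true_positives_suppressed": lost,
        # A rule is only safe if it hides no confirmed malicious activity.
        "safe": not lost,
    }


def pick_safe_rule(rules: Dict[str, Rule], alerts: List[Alert]) -> Optional[str]:
    """Return the safe rule that removes the most noise, or None if none is safe."""
    results = {name: evaluate_rule(rule, alerts) for name, rule in rules.items()}
    safe = {name: res for name, res in results.items() if res["safe"]}
    if not safe:
        return None
    return max(safe, key=lambda name: safe[name]["suppressed"])


if __name__ == "__main__":
    for name, rule in CANDIDATE_RULES.items():
        result = evaluate_rule(rule, SAMPLE_ALERTS)
        verdict = "SAFE" if result["safe"] else "VISIBILITY GAP"
        print(f"{name:10} suppressed={result['suppressed']} "
              f"lost={result['true_positives_suppressed']} -> {verdict}")
    print("recommended:", pick_safe_rule(CANDIDATE_RULES, SAMPLE_ALERTS))
```

The "broad" rule removes the most alerts but hides both lateral-movement cases; the "user_only" rule looks reasonable until the service account is used from a host it never patches from. Only the rule scoped to the benign source host, account and detection clears the noise without a gap, which is the distinction an engineer has to document when proposing a tuning change.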
Licenses, Certifications, etc.
- Preferred (not required): CompTIA Security+, CompTIA CySA+, Microsoft SC-200, Microsoft AZ-900 or SC-900, GIAC GSEC or GCIH, Splunk Core Certified User, or other SIEM, EDR, cloud, or security operations certifications.
Requirements
Supervisory Responsibility
- This position has no direct supervisory or performance management responsibilities.
- This position does not have authority over hiring, performance evaluations, compensation decisions, or disciplinary actions.
- May assist with peer knowledge sharing, documentation updates, and onboarding support when appropriate.
- Works under the guidance of Senior Engineers and the Manager of Threat Defense Engineering.
Working Conditions & Travel Requirements
- Must be willing to travel up to 5%.
- Capable of communicating with clients via conference calls or email to review and discuss alert data and security report findings.
Fortified Health Security is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, Fortified Health Security will provide reasonable accommodations to qualified individuals with disabilities. If a reasonable accommodation is needed to perform this position, you need to inform Fortified Health Security People and Culture Team of such request. Signatures below indicate the receipt and review of this job description by the associate assigned to the position and the People and Culture Team.