Lead Security Engineer (SIEM/EDR/IR) – MSSP

Location: Coimbatore, Tamil Nadu (Full-time)
Shift: 8:00 PM – 5:00 AM IST (MT business hours alignment)
Reports To: Security Operations Manager (solid-line)
Dotted Line: CEO (United States) for security stack strategy, POC prioritization, and major tooling decisions

The Mission

Fountain Hills Technologies is an Arizona-based MSSP expanding our 24/7 India operations. We’re seeking a senior, hands-on security engineer to own the security-technical direction of our SOC: improving detection quality, strengthening incident response, and ensuring our tooling and processes deliver consistent outcomes for U.S. customers (CT/ET today, growing MT). This is a high-ownership role with regular customer-facing involvement and measurable impact on operational effectiveness.

Core Responsibilities

Security Technical Leadership: Set the technical standard for SOC investigations—what “good” looks like for triage, evidence capture, timelines, and escalation quality.
Detection Engineering & Tuning: Own detection strategy and continuous improvement (use-case quality, tuning, noise reduction, enrichment, and correlation guidance).
Incident Response Program (Security Lens): Build and mature IR playbooks and standards (severity criteria, evidence requirements, containment options, PIR improvements).
L3 Escalation: Serve as the primary security escalation point for complex investigations and high-severity incidents; guide containment and remediation coordination.
Automation & Enrichment: Reduce manual effort and improve speed/consistency by building lightweight automations for enrichment, evidence gathering, and investigation acceleration.
Tooling Strategy + Modernization: Continuously research modern security capabilities, identify gaps, recommend improvements, and drive measurable outcomes.
POC Leadership (Internal + Customer): Lead security-side POCs end-to-end—define success criteria, test coverage, and operational fit; document results; and drive rollout readiness (runbooks, training, and support model).
Customer-Facing Technical Support: Join technical sales and customer calls to validate solutions, explain security findings, and build confidence in our approach.
Operational Collaboration: Partner with the Ops Manager to turn lessons learned (PIRs, recurring patterns) into runbooks, tuning changes, and repeatable workflows.

Required Qualifications

Experience: 10+ years in security operations/security engineering (SOC/MSSP experience strongly preferred).
Hands-On SIEM + EDR/XDR Depth: Proven experience building/tuning detections, improving signal quality, guiding investigations, and operating EDR/SIEM workflows.
Strong Security Fundamentals: Comfortable with endpoint, identity, email, and network attack patterns and how they appear in telemetry; able to guide investigation and containment decisions.
IR Maturity Mindset: Demonstrated ability to create practical playbooks, raise evidence/communication standards, and improve response consistency.
Automation Requirement: Ability to perform basic scripting/automation for enrichment (PowerShell and/or Python) to reduce manual investigation steps and improve escalation quality/speed.
Communication: Excellent written/spoken English for customer calls, incident briefings, and internal leadership communication.
Ownership & Judgment: Calm under pressure; able to make clear recommendations and drive work to completion.

Tools & Platforms (partial)

Security & Identity: CrowdStrike (EDR/XDR), ThreatMate, FortiMail, KnowBe4, DNSFilter
Infrastructure & Networking (awareness required): Palo Alto Firewalls, Cisco Meraki, Datto RMM
Service Management: Zoho Desk

What Success Looks Like

Higher Signal, Less Noise: Measurable reduction in false positives and improved true-positive handling and triage speed.
Stronger IR Execution: Playbooks and evidence standards are consistently followed; PIR actions lead to real, tracked improvements.
Better Escalations: Frontline escalations arrive complete (timeline, evidence, hypothesis, “what’s been tried”), reducing back-and-forth.
Tech Stack Progress: A repeatable POC framework is in place; security tooling evolves continuously with clear ROI (coverage, speed, automation).
Customer Confidence: Clearer explanations, better outcomes, and stronger technical leadership on customer calls.