Technical Engineer Security

This position offers a hybrid work option up to 50% remote and is open to Mankato, MN; Lakeville, MN; Sun Prairie, WI or Bloomington, IL office location.

The contributions you will make:

This position is responsible for detecting, analyzing, and responding to security threats across the enterprise. This role focuses on operational security execution reducing threat dwell time, improving detection fidelity and ensuring effective incident response and recovery. Focuses on security monitoring, incident response, and threat intelligence activities following established processes and runbooks. Collaborates closely with DT&I, SRM, product teams, and external partners to coordinate response efforts and continuously improve security operations capabilities.

A typical day:

Security Monitoring and Detection

• Monitors enterprise security telemetry across endpoints, identities, networks, and cloud environments using SIEM, EDR/XDR, and related tools.
• Analyzes and investigates security alerts to determine severity, scope, and business impact.
• Tunes detection logic to improve alert fidelity and reduce false positives.
• Validates that security controls are functioning as designed through operational monitoring

Incident Response and Investigation

• Participates in security incident triage, containment, eradication, and recovery activities.
• Supports coordinated incident response efforts with infrastructure, application, and business teams.
• Performs technical investigations to determine root cause, attack path, and impact.
• Produces clear incident documentation, including timelines, findings, and remediation recommendations.
• Supports post-incident reviews and lessons learned to improve

Threat Intelligence and Adversary Analysis

• Consumes and operationalizes threat intelligence, indicators of compromise (IOCs), and adversary tactics, techniques, and procedures (TTPs).
• Maps observed activity to frameworks such as MITRE ATT&CK.
• Proactively hunts for threats using intelligence-driven hypotheses.
• Shares actionable intelligence with stakeholders to improve defensive posture.

Security Automation and Operational Enablement

• Executes and maintain SOAR playbooks for alert enrichment, investigation, and response.
• Automates repeatable SecOps workflows to improve speed and consistency.
• Executes and maintains runbooks and response procedures.
• Partners with engineering teams to integrate telemetry and response capabilities.

Operational Metrics, Governance and Compliance

• Tracks and reports key operational security metrics (e.g., MTTD, MTTR, alert volumes, response outcomes).
• Provides evidence and documentation to support regulatory, audit, and compliance requirements related to monitoring and incident response.
• Supports continuous improvement initiatives for SecOps processes and tooling.

Vulnerability and Exposure Coordination

• Supports vulnerability management operations by validating exploitability and prioritization during incidents.
• Coordinates remediation activities and verify closure from an operational risk perspective.
• Assists with exposure analysis when vulnerabilities intersect with active threats

The skills and experience we prefer you have:

• Bachelor's degree in computer science, information systems, business or related field or an equivalent combination of education and experience sufficient to perform the essential functions of the job.
• Minimum of 3 years of security operations or related experience.
• Familiarity with SIEM, EDR/XDR, and incident workflows preferred.
• Relevant certifications such as CISSP, GIAC (GSEC, GCED, GCIA, or similar) preferred.
• Strong understanding of security monitoring, incident response, and threat detection techniques.
• Experience analyzing logs, alerts, and endpoint telemetry.
• Familiarity with cloud, identity, and network security concepts from an operational perspective.
• Ability to translate technical findings into clear, actionable communications for technical and nontechnical audiences.
• Strong problem-solving, decision-making, and documentation skills.
• Ability to work independently while collaborating effectively during high-pressure incidents.
• Experience with technical security operations such as vulnerability testing, log monitoring, firewall configurations and general security testing.
• Knowledge in Microsoft Server Technologies (including SharePoint, Active Directory, SQL Server, Exchange and Windows Server Operating Systems).
• Knowledge of LAN/WAN Technologies; voice communications; Email Services; desktop operating systems and configurations; document capture solutions; and server, desktop and laptop hardware and configurations.
• Ability to work under minimal supervision with taking direction from leadership and mentors.
• Ability to translate highly technical information into nontechnical terms.
• Thorough understanding of the latest security principles, techniques, and protocols.
• Ability to create and maintain technical documentation of complex systems.
• Strong listening, written and verbal communication skills, with ability to communicate at all levels of the organization.
• Valid Driver's License.

#IND100

How we will take care of you:

Our job titles may span more than one career level (associate, senior, principal, etc.). The actual title and base pay offered is dependent upon many factors, such as: training, transferable skills, work experience, business needs and market demands. The base pay range is subject to change and may be modified in the future. This role is eligible for variable compensation and other benefits.