Senior SecOps Engineer

About Rethink First  Rethink First is a leading behavioral health technology company working to make mental wellness, education, and support accessible and scalable.

Through our suite of cloud-based platforms—including RethinkEd, RethinkCare, and RethinkBH—we serve educators, employers, and providers with tools that deliver measurable, inclusive outcomes.  We're on a mission to make behavioral health more effective, equitable, and human—and we’re looking for a creative visionary to help lead that charge.  What you'll be doing :

• We’re seeking a Senior Security Operations (SecOps) Engineer to be responsible for engineering and improving the operational security foundation of the company — including automation, detection tuning, and incident readiness.
• This is an impact-driven, hands-on technical role focused on building scalable defenses and readiness and reinforcing a security-first culture.
• You will partner closely with our SOC partner, acting as the technical and operational bridge to ensure high-fidelity detections, meaningful escalations, and continuous reduction of alert noise.
• This is ideal for someone with a software or SecOps / DevOps background who has evolved into security engineering and wants to shape how security operations run at scale.
• Core Responsibilities Security Automation & Engineering Design, build, and maintain automation workflows to eliminate manual SecOps tasks (Python, PowerShell, APIs, orchestration tools).
• Integrate data and events from multiple sources (EDR, SIEM, cloud logs, vulnerability scanners, identity systems) to enhance visibility and context.
• Develop reusable scripts, playbooks, and evidence collection automations to support compliance and incident response via aggregation tools and dashboarding.
• Third-Party SOC Partnership Serve as the primary technical interface between our internal team and the managed SOC provider.
• Continuously refine alert logic, escalation paths, and severity classifications to reduce false positives.
• Review and validate detections, ensuring coverage aligns with the company’s threat model and risk priorities.
• Provide feedback and data to the SOC to tune detections and automate enrichment processes.
• Conduct after-action reviews with the SOC to improve handoffs and documentation quality.
• Incident Response & Readiness Lead internal investigation and response when incidents are escalated from the SOC.
• Build and maintain playbooks and runbooks for repeatable, automated responses.
• Coordinate containment, root cause analysis, and lessons learned with cross-functional teams.
• Perform post-incident analysis to improve detection rules and reduce future alert fatigue.
• Vulnerability & Threat Management Manage the vulnerability lifecycle — scanning, prioritization, and coordination of remediation across IT and Engineering.
• Correlate vulnerabilities with asset ownership and exposure context using automation.
• Track and report remediation SLAs and provide risk-based metrics to leadership.
• Cloud & Infrastructure Security Partner with DevOps and engineering to implement automated guardrails and least-privilege IAM policies.
• Conduct reviews of cloud configurations (AWS, Azure, GCP) and recommend automated controls.
• Build event-driven detection and response functions using cloud-native tools.
• Collaboration & Mentorship Work closely with Compliance to provide evidence for audits (SOC 2, HITRUST).
• Mentor junior security team members and offshore resources in automation, scripting, and incident response.
• Advocate for “build once, automate forever” within security operations.
• Required Qualifications 8+ years of experience in SecOps, DevOps, security engineering, or software development with an automation focus in SaaS environments.
• Proficient in scripting and automation (Python, PowerShell, etc) and integrating with APIs.
• Experience managing or collaborating with a managed security provider (MSSP / MDR / SOC).
• Strong grasp of SIEM and EDR ecosystems, including alert tuning and log analysis.
• Familiarity with cloud security (AWS, Azure) and infrastructure-as-code concepts.
• Excellent analytical, communication, and documentation skills.
• Preferred Qualifications Background in software or application development before transitioning into security.
• Experience building integrations between security tools and Jira, Teams, ticketing systems and with CAASM tools that automate inventory, gap-detection, and enforcement (Axonius, JupiterOne) Knowledge of ERD / vulnerability management tools (Tenable, Defender, Crowdstrike Falcon).
• Experience in regulated environments (HIPAA, SOC 2, HITRUST).
• Certifications such as CISSP, GCIH, GCIA, or AWS, Azure security specialty are a plus.
• Success Indicators 50–70% reduction in false positives or unnecessary escalations from the SOC provider.
• Demonstrated automation of recurring SecOps tasks and evidence collection.
• Consistent SLA adherence for vulnerability remediation and incident response.
• Positive feedback from engineering and compliance teams on process efficiency.

Benefits :