Fast Facts

Rethink First is seeking a SecOps Engineer to support the security operations team in monitoring company assets, handling incident responses, and managing vulnerabilities. This position offers a great opportunity for entry to mid-level candidates looking to grow in the field of security engineering.

Responsibilities: The role includes monitoring alerts from SOC, conducting triage, maintaining security playbooks, managing vulnerabilities, supporting automation development, and participating in incident investigations.

Skills: Candidates should have 1-3 years of experience in IT or security operations, foundational knowledge of cloud environments, familiarity with SIEM tools, basic scripting skills, and strong documentation abilities.

Qualifications: Preferred candidates will have experience with Managed Security Service Providers, knowledge of vulnerability management tools, and relevant security certifications such as CompTIA Security+. Interest in pursuing advanced certifications is also desirable.

Location: Remote opportunities are available in multiple states across the USA, including Chicago, IL.

Compensation: Not provided by employer. Typical compensation ranges for this position are between $75,000 - $105,000.

About Rethink First 

Rethink First is a leading behavioral health technology company working to make mental wellness, education, and support accessible and scalable. Through our suite of cloud-based platforms—including RethinkEd, RethinkCare, and RethinkBH—we serve educators, employers, and providers with tools that deliver measurable, inclusive outcomes. 

We're on a mission to make behavioral health more effective, equitable, and human—and we’re looking for a creative visionary to help lead that charge. 

What you'll be doing:

The Security Operations Engineer supports the ongoing protection of company assets by assisting in monitoring, incident response, and automation tasks. This entry- to mid-level role is ideal for someone who has foundational security knowledge and a desire to grow into a senior engineering position.

You will collaborate with the Senior SecOps Engineer, offshore and other functional teams to ensure alerts are reviewed efficiently, vulnerabilities are directed to appropriate teams, tracked to closure, and automated playbooks are continuously improved.

Core Responsibilities

• Operational Support
• Review alerts escalated from the third-party SOC and conduct initial triage and documentation.
• Execute defined response actions under guidance from senior team members.
• Maintain and update security playbooks, runbooks, and knowledge base articles.
• Assist with endpoint, identity, and cloud security monitoring.
• Vulnerability Management
• Run recurring vulnerability scans (Tenable, Defender, etc) and verify remediation status.
• Document remediation progress and communicate updates to system owners.
• Track SLA compliance and generate periodic metrics for leadership reporting.
• Automation & Tooling
• Support automation development by testing and maintaining security scripts or workflows.
• Assist with tool integrations and API connections between systems (EDR, SIEM, Jira, MDM, etc.).
• Help gather and validate data used in automation pipelines and dashboards.
• Incident Response
• Participate in incident investigations by collecting evidence, correlating logs, and maintaining timelines.
• Assist in containment, root cause analysis, and post-incident documentation.
• Support after-action reviews and lessons-learned sessions.
• Collaboration & Continuous Improvement
• Work closely with offshore SecOps engineers to standardize procedures and share knowledge.
• Collaborate with compliance staff to provide data for audit evidence or control validation.
• Participate in security training and development to strengthen technical and analytical skills.

Required Qualifications

• 1–3 years of experience in IT, security operations, or system administration.
• Foundational knowledge of cloud environments (Azure, AWS).
• Familiarity with SIEM tools (Sentinel, DataDog) and EDR platforms.
• Basic scripting or automation experience (Python, PowerShell preferred).
• Understanding of common attack vectors and security frameworks (MITRE ATT&CK, NIST CSF).
• Strong documentation and organizational skills.

Preferred Qualifications

• Experience collaborating with or within a Managed Security Service Provider (MSSP).
• Exposure to vulnerability management tools.
• Certifications such as CompTIA Security+, Microsoft SC-200, or GSEC.
• Interest in pursuing advanced certifications (e.g., GCIH, AZ-500, or CISSP).

Success Indicators

• Consistent, high-quality triage and documentation of incidents.
• Demonstrated ability to automate or streamline recurring tasks.
• Clear communication and coordination with offshore teams and senior staff.
• Growth in technical independence and contributions to playbook maturity.

Benefits: 

• Generous health, dental, & vision benefits package
• Flexible paid time off
• 11 paid company holidays
• 401k + matching
• Parental leave
• Access to our award-winning RethinkCare platform supporting neurodiversity in the workplace through parental success, professional resilience, and personal wellbeing.  

Location: Remote opportunities are available to candidates who reside in the following states: AL, AZ, CT, FL, GA, HI, IL, IN, KY, LA, MD, MA, MI, MN, MO, NC, NE, NH, NJ, NV, OH, OR, PA, RI, TN, TX, VA, WA, WI 

Our commitment to an inclusive workplace 

RethinkFirst is an equal opportunity employer and is committed to providing a workplace free from harassment and discrimination. We celebrate the unique differences of our employees because that is what drives curiosity, innovation, and the success of our business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, status as a protected veteran, or any other protected category under applicable federal, state, and local laws. Accommodations are available for applicants with disabilities. 

JazzHR Privacy Policy 

JazzHR Terms of Use 

California Privacy Notice 

#remote