{"schemaVersion":"jobsearcher.job.v1","id":"4d09bf2aa33c0345f1f84e08","url":"https://jobsearcher.com/jobs/4d09bf2aa33c0345f1f84e08","canonicalUrl":"https://jobsearcher.com/jobs/4d09bf2aa33c0345f1f84e08","title":"Security Analyst/Engineer","description":"Who We Are…\nSince our founding in 1901, Limbach’s primary core value has always been simple: We Care. That commitment extends to our people, our customers, and the communities we serve—driving a culture of belonging across our industry.\nLimbach Company LLC, a subsidiary of Limbach Holdings, Inc. (NASDAQ: LMB), is a leading building systems solutions firm delivering mission-critical systems that support life’s most important moments. We specialize in revitalizing and maintaining HVAC, mechanical, electrical, plumbing, and control systems within existing facilities—ensuring buildings are always ready to perform when it matters most.\nLearn more about Limbach by checking out our YouTube channel: We Are Limbach - YouTube\nFrom healthcare and education to government and commercial facilities, we partner with building owners and operators to safeguard reliability, efficiency, and comfort where it’s needed most.\nOur vision is to create value for building owners targeting opportunities for long term relationships.\nOur purpose is to create great opportunities for people.\nLearn more about Limbach’s commitment to our people and career opportunities, straight from our employees via the Limbach Unlocked podcast: Limbach Unlocked - Why We Chose Limbach\nWe carry out our vision and purpose through a commitment to our four core values…\nWe Care\nWe Act with Integrity\nWe Are Innovative\nWe Are Accountable\nThe Benefits & Perks…\nBase salary range of $120K - $130K\nFull portfolio of medical, dental, and vision benefits, along with 401K plan and company match.\nHSA, FSA, and life insurance offerings.\nMaximize your professional development with our award-winning Learning & Engagement team.\nEngage in our “We Care” culture through our ERGs, brought to you by EMBRACE.\nCareer pathing flexibility and mobility.\nWho You Are…\nAs Security Analyst / Engineer, you will serve as the organization’s primary, hands-on security operations lead. Reporting directly to the CIO, the candidate will triage SOC outputs, tune detection logic, drive automated response through SOAR playbooks, own the vulnerability management lifecycle, and lead incident response from detection through remediation and post-incident lessons learned. They act as a trusted partner to our outsourced SOC, the quarterback for IR, and the technical voice to the CIO and Board on operational security posture working closely with our IT Operations leader.\nThis Position…\nSome examples of the work you might do includes:\nSecurity Operations & Monitoring: Serves as the primary liaison to our outsourced SOC and vCISO. Triage, validate, and prioritize alerts from SIEM (e.g., Google Chronicle, GrayMatter, or equivalent). Ensures log integrity, enrichment, and actionable alerting.\nSOAR & Automation: Builds, maintains, and iterates SOAR playbooks (Google SOAR or comparable) to automate containment, enrichment, and evidence collection; lowers MTTR by automating low-risk actions while preserving human judgment for high-impact events.\nIncident Response: Lead detection containment eradication recovery workflows. Owns post-incident reviews, creates remediation roadmaps, and tracks closure of corrective actions. Conducts regular tabletop exercises and maintains IR runbooks and escalation paths.\nEDR/MDR/XDR Management: Administers and tunes EDR/MDR/XDR platforms (deployment health, telemetry, detection rules, containment capabilities). Investigates endpoint events, performs root cause analysis, and coordinates remediation with IT operations.\nVulnerability Management: Operates the vulnerability management program (Rapid7, Tenable.io, or equivalent): schedules scans, triages findings, prioritizes by risk and asset criticality, and shepherds remediation with engineering teams. Proposes and verifies system hardening measures and baselines.\nDetection Engineering: Authors correlation rules, analytic searches, and detection content; reduces false positives while increasing meaningful detections. Builds dashboards and KPIs that communicate detection coverage and efficacy.\nM&A & Integration Security: Leads security due diligence and integration activities for acquisitions: identities & accesses reviews, vulnerability scans, endpoint posture checks, and integration playbooks to onboard new entities into Limbach’s security baselines.\nTraining & Knowledge Transfer: Develops and delivers IR and detection training for IT and business teams. Produces clear operational documentation, SOPs, and playbooks. Coaches SOC engineers and champions continuous improvement.\nReporting & Executive Communication: Produces monthly operational and executive risk reports (incidents, vulnerability trends, MTTR, coverage gaps). Briefs the CIO and Board with concise risk-based recommendations.\nThird-Party Coordination: Manages relationships and SLAs with MDR/MSSP/MDR providers, forensic firms, and other security partners.\nWhat You Need…\n5+ years of progressive, hands-on cybersecurity experience, with significant time spent in SOC and incident response environments.\nDemonstrated expertise with SIEM and SOAR platforms (Google Chronicle, GrayMatter, Chronicle SOAR, or comparable).\nProven track record managing EDR/MDR/XDR solutions and performing endpoint investigations.\nHands-on experience owning vulnerability programs with Rapid7, Tenable.io, or similar tooling.\nExperience writing detection logic, playbooks, and incident runbooks; demonstrable success in alert tuning and automation.\nReal-world experience coordinating cross-functional incident response activities and driving remediation to completion.\nScripting and automation skills (PowerShell, Python, Bash) to automate enrichment, containment, and evidence collection.\nStrong Windows and Linux administration/forensics fundamentals; network fundamentals and packet-level troubleshooting.\nFamiliarity with cloud security (Azure, Microsoft 365, Intune, Conditional Access) and endpoint management tools.\nKnowledge of security controls, hardening standards, and configuration baselines.\nAbility to read and interpret logs and telemetry across endpoints, network devices, and cloud services.\nSuperior written and verbal communication; able to explain technical findings to non-technical and executive audiences.\nDecisive under pressure, methodical in evidence collection, and disciplined in documentation.\nCollaborative, tactful, and experienced at working with cross-functional teams (IT ops, HR, Legal, vendor partners).\nStrong project management and organizational skills with an eye for measurable outcomes.\nAbility to travel up to 15% of the time.\nPreferred Qualifications:\nCertifications: CISSP, GCIH, GCFA, ECIH, or Security+ (or equivalent).\nPrior role as a dedicated incident responder or IR team lead.\nExperience with Microsoft Defender for Endpoint, Azure Security Center, and native cloud telemetry.\nFamiliarity with compliance frameworks (SOC 2, NIST CSF/800-171, ISO 27001) and how detection/IR maps to them.\nExperience in multi-site enterprise environments and with M&A integration security.\nConduct Standards:\nMaintains appropriate Company confidentiality at all times.\nProtects the assets of the Company and ethically upholds the Code of Conduct & Ethics in all situations.\nCultivates and promotes the “Hearts & Minds” safety culture.\nConsistently exemplifies the Core Values of the Company (we CARE, we act with INTEGRITY, we are INNOVATIVE, and we are ACCOUNTABLE).\nWork Environment:\nThis position operates primarily in an office environment and routinely utilizes standard office equipment, such as computers, phones, copiers, and filing cabinets.\nThe Company’s Remote Work Policy is applicable to this position.\nPhysical Demands:\nIn performing the duties of this job, the incumbent is regularly required to talk, hear, perform repetitive motion, and possess an appropriate degree of both visual acuity and manual dexterity.\nThis is considered a sedentary position, which means possible exertion up to ten (10) pounds of force occasionally, and/or negligible amount of force frequently or constantly to lift, carry, push, pull, or otherwise move objects.\n\nThis job description is intended to describe the general nature of work being performed by the individual who assumes this role, not an exhaustive list of responsibilities. Duties, responsibilities, and activities may change at any time, with or without notice, as business needs dictate. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position. Limbach Facility Services LLC is an Equal Opportunity Employer.\n\n#LFS\nEqual Opportunity Employer/Protected Veterans/Individuals with Disabilities\nThis employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.","company":"Limbach","rawCompany":"limbach","city":"Tampa","state":"FL","isRemote":false,"isActive":false,"createdAt":"2026-04-14T10:23:46.755Z","occupations":[{"code":"15-1212.00","title":"Information Security Analysts","slug":"information-security-analysts"},{"code":"15-1299.05","title":"Information Security Engineers","slug":"information-security-engineers"},{"code":"13-1199.07","title":"Security Management Specialists","slug":"security-management-specialists"}],"industries":[{"code":"561621","title":"Security Systems Services (except Locksmiths)","slug":"security-systems-services-except-locksmiths"},{"code":"541512","title":"Computer Systems Design Services","slug":"computer-systems-design-services"},{"code":"541690","title":"Other Scientific and Technical Consulting Services","slug":"other-scientific-and-technical-consulting-services"}],"jobPosting":{"@context":"https://schema.org","@type":"JobPosting","title":"Security Analyst/Engineer","description":"Who We Are…\nSince our founding in 1901, Limbach’s primary core value has always been simple: We Care. That commitment extends to our people, our customers, and the communities we serve—driving a culture of belonging across our industry.\nLimbach Company LLC, a subsidiary of Limbach Holdings, Inc. (NASDAQ: LMB), is a leading building systems solutions firm delivering mission-critical systems that support life’s most important moments. We specialize in revitalizing and maintaining HVAC, mechanical, electrical, plumbing, and control systems within existing facilities—ensuring buildings are always ready to perform when it matters most.\nLearn more about Limbach by checking out our YouTube channel: We Are Limbach - YouTube\nFrom healthcare and education to government and commercial facilities, we partner with building owners and operators to safeguard reliability, efficiency, and comfort where it’s needed most.\nOur vision is to create value for building owners targeting opportunities for long term relationships.\nOur purpose is to create great opportunities for people.\nLearn more about Limbach’s commitment to our people and career opportunities, straight from our employees via the Limbach Unlocked podcast: Limbach Unlocked - Why We Chose Limbach\nWe carry out our vision and purpose through a commitment to our four core values…\nWe Care\nWe Act with Integrity\nWe Are Innovative\nWe Are Accountable\nThe Benefits & Perks…\nBase salary range of $120K - $130K\nFull portfolio of medical, dental, and vision benefits, along with 401K plan and company match.\nHSA, FSA, and life insurance offerings.\nMaximize your professional development with our award-winning Learning & Engagement team.\nEngage in our “We Care” culture through our ERGs, brought to you by EMBRACE.\nCareer pathing flexibility and mobility.\nWho You Are…\nAs Security Analyst / Engineer, you will serve as the organization’s primary, hands-on security operations lead. Reporting directly to the CIO, the candidate will triage SOC outputs, tune detection logic, drive automated response through SOAR playbooks, own the vulnerability management lifecycle, and lead incident response from detection through remediation and post-incident lessons learned. They act as a trusted partner to our outsourced SOC, the quarterback for IR, and the technical voice to the CIO and Board on operational security posture working closely with our IT Operations leader.\nThis Position…\nSome examples of the work you might do includes:\nSecurity Operations & Monitoring: Serves as the primary liaison to our outsourced SOC and vCISO. Triage, validate, and prioritize alerts from SIEM (e.g., Google Chronicle, GrayMatter, or equivalent). Ensures log integrity, enrichment, and actionable alerting.\nSOAR & Automation: Builds, maintains, and iterates SOAR playbooks (Google SOAR or comparable) to automate containment, enrichment, and evidence collection; lowers MTTR by automating low-risk actions while preserving human judgment for high-impact events.\nIncident Response: Lead detection containment eradication recovery workflows. Owns post-incident reviews, creates remediation roadmaps, and tracks closure of corrective actions. Conducts regular tabletop exercises and maintains IR runbooks and escalation paths.\nEDR/MDR/XDR Management: Administers and tunes EDR/MDR/XDR platforms (deployment health, telemetry, detection rules, containment capabilities). Investigates endpoint events, performs root cause analysis, and coordinates remediation with IT operations.\nVulnerability Management: Operates the vulnerability management program (Rapid7, Tenable.io, or equivalent): schedules scans, triages findings, prioritizes by risk and asset criticality, and shepherds remediation with engineering teams. Proposes and verifies system hardening measures and baselines.\nDetection Engineering: Authors correlation rules, analytic searches, and detection content; reduces false positives while increasing meaningful detections. Builds dashboards and KPIs that communicate detection coverage and efficacy.\nM&A & Integration Security: Leads security due diligence and integration activities for acquisitions: identities & accesses reviews, vulnerability scans, endpoint posture checks, and integration playbooks to onboard new entities into Limbach’s security baselines.\nTraining & Knowledge Transfer: Develops and delivers IR and detection training for IT and business teams. Produces clear operational documentation, SOPs, and playbooks. Coaches SOC engineers and champions continuous improvement.\nReporting & Executive Communication: Produces monthly operational and executive risk reports (incidents, vulnerability trends, MTTR, coverage gaps). Briefs the CIO and Board with concise risk-based recommendations.\nThird-Party Coordination: Manages relationships and SLAs with MDR/MSSP/MDR providers, forensic firms, and other security partners.\nWhat You Need…\n5+ years of progressive, hands-on cybersecurity experience, with significant time spent in SOC and incident response environments.\nDemonstrated expertise with SIEM and SOAR platforms (Google Chronicle, GrayMatter, Chronicle SOAR, or comparable).\nProven track record managing EDR/MDR/XDR solutions and performing endpoint investigations.\nHands-on experience owning vulnerability programs with Rapid7, Tenable.io, or similar tooling.\nExperience writing detection logic, playbooks, and incident runbooks; demonstrable success in alert tuning and automation.\nReal-world experience coordinating cross-functional incident response activities and driving remediation to completion.\nScripting and automation skills (PowerShell, Python, Bash) to automate enrichment, containment, and evidence collection.\nStrong Windows and Linux administration/forensics fundamentals; network fundamentals and packet-level troubleshooting.\nFamiliarity with cloud security (Azure, Microsoft 365, Intune, Conditional Access) and endpoint management tools.\nKnowledge of security controls, hardening standards, and configuration baselines.\nAbility to read and interpret logs and telemetry across endpoints, network devices, and cloud services.\nSuperior written and verbal communication; able to explain technical findings to non-technical and executive audiences.\nDecisive under pressure, methodical in evidence collection, and disciplined in documentation.\nCollaborative, tactful, and experienced at working with cross-functional teams (IT ops, HR, Legal, vendor partners).\nStrong project management and organizational skills with an eye for measurable outcomes.\nAbility to travel up to 15% of the time.\nPreferred Qualifications:\nCertifications: CISSP, GCIH, GCFA, ECIH, or Security+ (or equivalent).\nPrior role as a dedicated incident responder or IR team lead.\nExperience with Microsoft Defender for Endpoint, Azure Security Center, and native cloud telemetry.\nFamiliarity with compliance frameworks (SOC 2, NIST CSF/800-171, ISO 27001) and how detection/IR maps to them.\nExperience in multi-site enterprise environments and with M&A integration security.\nConduct Standards:\nMaintains appropriate Company confidentiality at all times.\nProtects the assets of the Company and ethically upholds the Code of Conduct & Ethics in all situations.\nCultivates and promotes the “Hearts & Minds” safety culture.\nConsistently exemplifies the Core Values of the Company (we CARE, we act with INTEGRITY, we are INNOVATIVE, and we are ACCOUNTABLE).\nWork Environment:\nThis position operates primarily in an office environment and routinely utilizes standard office equipment, such as computers, phones, copiers, and filing cabinets.\nThe Company’s Remote Work Policy is applicable to this position.\nPhysical Demands:\nIn performing the duties of this job, the incumbent is regularly required to talk, hear, perform repetitive motion, and possess an appropriate degree of both visual acuity and manual dexterity.\nThis is considered a sedentary position, which means possible exertion up to ten (10) pounds of force occasionally, and/or negligible amount of force frequently or constantly to lift, carry, push, pull, or otherwise move objects.\n\nThis job description is intended to describe the general nature of work being performed by the individual who assumes this role, not an exhaustive list of responsibilities. Duties, responsibilities, and activities may change at any time, with or without notice, as business needs dictate. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position. Limbach Facility Services LLC is an Equal Opportunity Employer.\n\n#LFS\nEqual Opportunity Employer/Protected Veterans/Individuals with Disabilities\nThis employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.","datePosted":"2026-04-14T10:23:46.755Z","dateModified":"2026-04-14T10:23:46.755Z","hiringOrganization":{"@type":"Organization","name":"Limbach","sameAs":"https://jobsearcher.com"},"jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Tampa","addressRegion":"FL","addressCountry":"US"}},"identifier":{"@type":"PropertyValue","name":"JobSearcher","value":"4d09bf2aa33c0345f1f84e08"},"url":"https://jobsearcher.com/jobs/4d09bf2aa33c0345f1f84e08"}}