[Remote] Cybersecurity Operation Engineer

Note: The job is a remote job and is open to candidates in USA. Wyndham Hotels & Resorts is the world’s largest hotel franchising company, and they are seeking a Cybersecurity Operations Engineer to join their Information Security team. The role involves monitoring, triaging, and responding to security events across the enterprise, while also executing incident response activities and maintaining security tooling.

Responsibilities

• Monitor, triage, and investigate security alerts generated across the enterprise tool stack, including SIEM, EDR/XDR, SaaS, cloud and network security platforms
• Escalate complex or high-severity events to other teams and senior team members with clear, actionable documentation
• Maintain daily ownership of the security event queue, including log analysis, alert management, and disposition tracking
• Participate in an on-call rotation to provide after-hours coverage for critical security events
• Configure, tune, and maintain cybersecurity platforms including EDR, SIEM, log management, SWG, CASB, and other platform tools
• Provide Level 1 application support for all security tools under the Cybersecurity Operations Center’s management
• Maintain working familiarity with cloud and application security platforms to support cross-functional workflows and escalations
• Create and maintain security operations documentation including incident playbooks, standard operating procedures, and triage runbooks
• Contribute to process improvement efforts by identifying gaps in current workflows and recommending practical solutions
• Collect, track, and report on security metrics across managed platforms to support leadership visibility and program improvement
• Collaborate with other cybersecurity teams to ensure consistent detection coverage and response capability across domains
• Participate in cross-training with other SOC engineers to maintain shared proficiency across all security tools and processes
• Build and maintain working relationships with peer teams to support coordinated response to cross-functional security issues
• Support information security governance activities by providing evidence and documentation for internal audits, compliance assessments, and regulatory reviews
• Assist in enforcing security policies and standards across cybersecurity-managed systems and tools
• Identify and flag deviations from established security baselines and escalate where remediation is required
• Support vendor evaluations and proof-of-concept assessments for new security technologies
• Assist with development of security awareness training content
• Devise methods to automate security operational tasks or streamline triage processes where applicable
• Perform or support activities such as penetration testing exposure reviews or secure code assessments when specialized coverage is needed

Skills

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field; or equivalent hands-on experience
• 1–3 years in a cybersecurity role is preferred
• Demonstrated experience in security monitoring, alert triage, and incident response, including familiarity with the full incident response lifecycle from detection through post-incident review
• Working knowledge of core security technologies including SIEM, EDR/XDR, SaaS, firewalls, content filtering, data loss prevention, endpoint protection, and log collection and analysis
• Strong understanding of network protocols and application layer services
• Familiarity with enterprise security platforms is a strong advantage, including but not limited to SentinelOne, Cribl, Zscaler, Netskope, Akamai, Firemon, Obsidian, Orca, Rapid7, Checkmarx, Tenable, and Intezer, to name a few
• Exposure to or genuine curiosity about adjacent cybersecurity disciplines including application security, cloud security, and SaaS security
• Familiarity with cloud security concepts and how they apply to a hybrid enterprise environment
• Prior exposure to AWS, Azure, or GCP security tooling is a plus
• Awareness of AI and emerging technology security risks, including exposure to AI platforms, large language models (LLMs), and concepts such as MCP security
• Experience with scripting or automation. Candidates who use code to solve operational problems, not just those who can write it, are strongly preferred
• Strong analytical instincts. Able to connect dots across disparate data sources, think through attacker behavior, and move from raw alert data to a clear conclusion
• Clear and direct communicator. Comfortable translating technical findings into plain language for non-technical stakeholders, and equally comfortable discussing details with engineering peers
• Self-starter with the ability to manage individual workstreams independently while contributing effectively within a team
• Comfortable operating with ambiguity and taking initiative when a clear path forward is not defined
• Genuine passion for cybersecurity. Someone who follows threat research, tracks industry news, tinkers in home labs, or pursues certifications on their own time

Benefits

• Health insurance with HSA and FSA options
• Dental insurance
• Vision insurance
• Life/AD&D insurance
• Short- and Long-Term Disability coverage
• 401(k) with generous company match
• Vacation time- Accrue 1.615 hours of paid vacation per week
• Paid holidays- 11 Core Scheduled Paid Holidays with potential additional paid days off as business operations and the calendar permit (e.g. in 2026, there is an additional 7 days of paid company closure).
• Paid sick leave accrued as state and local laws require
• Additional paid time off in the form of one volunteer day, bereavement time, as well as jury duty time.

Company Overview