Security Analyst/Engineer

Who We Are...

Since our founding in 1901, Limbach's primary core value has always been simple: We Care. That commitment extends to our people, our customers, and the communities we serve-driving a culture of belonging across our industry.

Limbach Company LLC, a subsidiary of Limbach Holdings, Inc. (NASDAQ: LMB), is a leading building systems solutions firm delivering mission-critical systems that support life's most important moments. We specialize in revitalizing and maintaining HVAC, mechanical, electrical, plumbing, and control systems within existing facilities-ensuring buildings are always ready to perform when it matters most.

Learn more about Limbach by checking out our YouTube channel: We Are Limbach - YouTube

From healthcare and education to government and commercial facilities, we partner with building owners and operators to safeguard reliability, efficiency, and comfort where it's needed most.

Our vision is to create value for building owners targeting opportunities for long term relationships.

Our purpose is to create great opportunities for people.

Learn more about Limbach's commitment to our people and career opportunities, straight from our employees via the Limbach Unlocked podcast: Limbach Unlocked - Why We Chose Limbach

We carry out our vision and purpose through a commitment to our four core values...

• We Care
• We Act with Integrity
• We Are Innovative
• We Are Accountable

The Benefits & Perks...

• Base salary range of $120K - $130K
• Full portfolio of medical, dental, and vision benefits, along with 401K plan and company match.
• HSA, FSA, and life insurance offerings.
• Maximize your professional development with our award-winning Learning & Engagement team.
• Engage in our "We Care" culture through our ERGs, brought to you by EMBRACE.
• Career pathing flexibility and mobility.

Who You Are...

As Security Analyst / Engineer, you will serve as the organization's primary, hands-on security operations lead. Reporting directly to the CIO, the candidate will triage SOC outputs, tune detection logic, drive automated response through SOAR playbooks, own the vulnerability management lifecycle, and lead incident response from detection through remediation and post-incident lessons learned. They act as a trusted partner to our outsourced SOC, the quarterback for IR, and the technical voice to the CIO and Board on operational security posture working closely with our IT Operations leader.

This Position...

Some examples of the work you might do includes:

• Security Operations & Monitoring: Serves as the primary liaison to our outsourced SOC and vCISO. Triage, validate, and prioritize alerts from SIEM (e.g., Google Chronicle, GrayMatter, or equivalent). Ensures log integrity, enrichment, and actionable alerting.
• SOAR & Automation: Builds, maintains, and iterates SOAR playbooks (Google SOAR or comparable) to automate containment, enrichment, and evidence collection; lowers MTTR by automating low-risk actions while preserving human judgment for high-impact events.
• Incident Response: Lead detection containment eradication recovery workflows. Owns post-incident reviews, creates remediation roadmaps, and tracks closure of corrective actions. Conducts regular tabletop exercises and maintains IR runbooks and escalation paths.
• EDR/MDR/XDR Management: Administers and tunes EDR/MDR/XDR platforms (deployment health, telemetry, detection rules, containment capabilities). Investigates endpoint events, performs root cause analysis, and coordinates remediation with IT operations.
• Vulnerability Management: Operates the vulnerability management program (Rapid7, Tenable.io, or equivalent): schedules scans, triages findings, prioritizes by risk and asset criticality, and shepherds remediation with engineering teams. Proposes and verifies system hardening measures and baselines.
• Detection Engineering: Authors correlation rules, analytic searches, and detection content; reduces false positives while increasing meaningful detections. Builds dashboards and KPIs that communicate detection coverage and efficacy.
• M&A & Integration Security: Leads security due diligence and integration activities for acquisitions: identities & accesses reviews, vulnerability scans, endpoint posture checks, and integration playbooks to onboard new entities into Limbach's security baselines.
• Training & Knowledge Transfer: Develops and delivers IR and detection training for IT and business teams. Produces clear operational documentation, SOPs, and playbooks. Coaches SOC engineers and champions continuous improvement.
• Reporting & Executive Communication: Produces monthly operational and executive risk reports (incidents, vulnerability trends, MTTR, coverage gaps). Briefs the CIO and Board with concise risk-based recommendations.
• Third-Party Coordination: Manages relationships and SLAs with MDR/MSSP/MDR providers, forensic firms, and other security partners.

What You Need...

• 5+ years of progressive, hands-on cybersecurity experience, with significant time spent in SOC and incident response environments.
• Demonstrated expertise with SIEM and SOAR platforms (Google Chronicle, GrayMatter, Chronicle SOAR, or comparable).
• Proven track record managing EDR/MDR/XDR solutions and performing endpoint investigations.
• Hands-on experience owning vulnerability programs with Rapid7, Tenable.io, or similar tooling.
• Experience writing detection logic, playbooks, and incident runbooks; demonstrable success in alert tuning and automation.
• Real-world experience coordinating cross-functional incident response activities and driving remediation to completion.
• Scripting and automation skills (PowerShell, Python, Bash) to automate enrichment, containment, and evidence collection.
• Strong Windows and Linux administration/forensics fundamentals; network fundamentals and packet-level troubleshooting.
• Familiarity with cloud security (Azure, Microsoft 365, Intune, Conditional Access) and endpoint management tools.
• Knowledge of security controls, hardening standards, and configuration baselines.
• Ability to read and interpret logs and telemetry across endpoints, network devices, and cloud services.
• Superior written and verbal communication; able to explain technical findings to non-technical and executive audiences.
• Decisive under pressure, methodical in evidence collection, and disciplined in documentation.
• Collaborative, tactful, and experienced at working with cross-functional teams (IT ops, HR, Legal, vendor partners).
• Strong project management and organizational skills with an eye for measurable outcomes.
• Ability to travel up to 15% of the time.

Preferred Qualifications:

• Certifications: CISSP, GCIH, GCFA, ECIH, or Security+ (or equivalent).
• Prior role as a dedicated incident responder or IR team lead.
• Experience with Microsoft Defender for Endpoint, Azure Security Center, and native cloud telemetry.
• Familiarity with compliance frameworks (SOC 2, NIST CSF/800-171, ISO 27001) and how detection/IR maps to them.
• Experience in multi-site enterprise environments and with M&A integration security.

Conduct Standards:

• Maintains appropriate Company confidentiality at all times.
• Protects the assets of the Company and ethically upholds the Code of Conduct & Ethics in all situations.
• Cultivates and promotes the "Hearts & Minds" safety culture.
• Consistently exemplifies the Core Values of the Company (we CARE, we act with INTEGRITY, we are INNOVATIVE, and we are ACCOUNTABLE).

Work Environment:

• This position operates primarily in an office environment and routinely utilizes standard office equipment, such as computers, phones, copiers, and filing cabinets.
• The Company's Remote Work Policy is applicable to this position.

Physical Demands:

• In performing the duties of this job, the incumbent is regularly required to talk, hear, perform repetitive motion, and possess an appropriate degree of both visual acuity and manual dexterity.
• This is considered a sedentary position, which means possible exertion up to ten (10) pounds of force occasionally, and/or negligible amount of force frequently or constantly to lift, carry, push, pull, or otherwise move objects.

This job description is intended to describe the general nature of work being performed by the individual who assumes this role, not an exhaustive list of responsibilities. Duties, responsibilities, and activities may change at any time, with or without notice, as business needs dictate. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position. Limbach Facility Services LLC is an Equal Opportunity Employer.

#LFS