Cybersecurity Engineer II

Piper Companies is currently seeking a Cybersecurity Engineer II for an opportunity in Carrollton, TX , to join a leading global organization within the healthcare and life sciences sector

Job Title: Cybersecurity Engineer II (Incident Response / Threat Hunting)

Compensation: 125K-130K

Onsite, Direct Hire opportunity

About the Opportunity

Our client, a leading global organization within the healthcare and life sciences sector, is seeking a Cybersecurity Engineer II to join their security operations team. This is a highly hands-on role focused on real incident response and proactive threat hunting—not a traditional ticket-driven SOC position.

This opportunity is ideal for someone who enjoys digging into attacker behavior, understanding the “why” behind alerts, and actively hunting threats across modern enterprise environments.

What You’ll Do

• Investigate and respond to security incidents end-to-end across endpoint, network, and cloud environments
• Analyze and triage alerts from EDR and SIEM platforms
• Conduct proactive threat hunting to identify hidden or emerging threats
• Examine attacker techniques, including process trees, command-line activity, and lateral movement
• Contribute to detection tuning and improve alert quality by reducing false positives
• Document findings and clearly communicate risk, impact, and remediation

What You Bring

• 2–5 years of experience in incident response, threat hunting, or advanced SOC environments
• Hands-on experience with EDR tools (e.g., CrowdStrike, Microsoft Defender)
• Experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel)
• Strong understanding of common attack vectors (malware, phishing, account compromise)
• Exposure to cloud environments (Azure and/or AWS)
• Ability to independently investigate and explain security incidents in depth

Nice to Have

• Detection engineering or rule tuning experience
• Scripting skills (Python, PowerShell)
• Familiarity with the MITRE ATT&CK framework
• Experience in large enterprise environments
• Consulting background (Big 4 or similar)

What Success Looks Like

• You can clearly explain why activity is malicious—not just what actions were taken
• You understand process trees, command-line behavior, and attacker techniques
• You’ve independently handled investigations from start to finish
• You demonstrate curiosity, persistence, and strong analytical thinking

What This Role Is Not

• A ticket-based SOC monitoring role
• A compliance or GRC-focused position
• A role for candidates without hands-on investigation experience

Why This Role?

• High-impact, hands-on cybersecurity work in a complex enterprise environment
• Opportunity to deepen expertise in incident response and threat hunting
• Collaborative, technically strong team environment
• Strong visibility and growth potential

This job opens for applications on 4/15/2026. Applications for this job will be accepted for at least 30 days from the posting date.

#LI-KP1 #LI-ONSITE

Keywords: CQV, validation, equipment, commissioning, qualification, decommissioning, ECQ, IQOQPQ, IQ, installation qualification, OQ, operational qualification, PQ, performance qualification, process validation, lab, laboratory equipment, HPLC, high performance liquid chromatography, UPLC, ultra performance liquid chromatography, ultra-performance, high-performance, chromatographic system, CSV, computer system validation, FDA, IHC, compliance, regulatory, inspections, reporting, control systems, MES, manufacturing execution systems, GALP, good automated laboratory practices, GLP, good laboratory practices, GMP, good manufacturing practices, QC, quality control, software upgrades, SOPs, standard operating procedures, work instructions, safety protocols, solutions, equipment commission, calibration, repair, maintenance, cGMP, current good manufacturing practice, GXP, SDLC, software development life cycle, 21CFR part 11, GDP, good documentation practice, pharma, pharmaceutical, CMMS, computerized maintenance management system, CMS, calibration management system