Skip to content
DispelDispelUnited States

Senior Security Operations Engineer

Senior Security Operations Engineer owns SOC operations using Google SecOps and SentinelOne, builds detection rules and SOAR playbooks, manages incident response and vulnerability remediation, and provides technical leadership to analysts. Requires 6+ years in security operations with hands-on SIEM/EDR experience.

136k – 155k/yr
Remote6+ YOESecurity Engineering

About the role

Key Responsibilities

SIEM/SOAR Operations (Google SecOps)

  • Own the log ingestion pipeline end-to-end: identify gaps, build feeds, validate parsing, maintain coverage dashboards
  • Close the federal logging gap and stand up commercial logging across AWS, Azure, Entra ID, and SaaS
  • Activate and configure SecOps SOAR capabilities including Domain-Wide Delegation, marketplace integrations, and bidirectional response actions
  • Build and maintain SOAR playbooks for major incident types such as phishing, malware, account compromise, lateral movement, and cloud-specific threats
  • Develop and maintain operational dashboards for SOC metrics, alert volumes, MTTA/MTTR, and coverage status
  • Manage Google SecOps RBAC

Detection Engineering

  • Build and deploy production detection rules mapped to MITRE ATT&CK within the first year
  • Develop custom parsers for AWS-native security services including GuardDuty, Security Hub, Inspector, WAF, CloudTrail, and VPC Flow Logs
  • Establish a detection lifecycle including proposal, testing, deployment, tuning, and retirement
  • Conduct quarterly detection quality reviews to measure false positive rates, coverage gaps, and rule health
  • Develop alert threshold optimization to reduce noise and analyst fatigue

Endpoint Detection and Response (SentinelOne)

  • Drive SentinelOne deployment across Azure VMs in commercial environments and all federal endpoints
  • Configure and operationalize Cloud Funnel for log export into Google SecOps
  • Build correlation rules between EDR alerts and SIEM detections
  • Manage SentinelOne RBAC groups and policy configuration
  • Coordinate with IT on agent deployment, health monitoring, and version management

Incident Response

  • Serve as senior escalation point for SOC incidents, ensuring investigations are thorough and reports include root cause, remediation actions, credential rotation plans, and follow-up timelines
  • Improve MTTA and MTTR through process optimization, better tooling, and analyst development
  • Lead quarterly tabletop exercises and after-action reviews
  • Maintain and improve incident response runbooks for all major incident categories
  • Integrate incident response workflows with Jira Service Management for tracking and escalation

Vulnerability Management

  • Operationalize monthly scanning cadence across all environments using tools such as Nessus, AWS Inspector, and Azure Defender
  • Define and enforce remediation SLAs by severity: Critical within 72 hours, High within 7 days, Medium within 30 days
  • Build consolidated vulnerability dashboards in Google SecOps
  • Track SLA compliance and report metrics to the CISO
  • Coordinate remediation with engineering and infrastructure teams

MSSP Oversight

  • Serve as primary technical interface with MSSP partner for 24/7 SOC coverage
  • Define and hold the MSSP accountable to SLAs, alert quality, and escalation procedures
  • Review MSSP deliverables such as dashboards, reports, and playbooks for quality and completeness
  • Manage the transition from the previous MSSP and ensure no coverage gaps

SOC Team Technical Leadership

  • Provide day-to-day technical direction to SOC analysts by setting priorities, assigning tasks, and reviewing work products
  • Ensure incident response reports, playbooks, and dashboards meet quality standards before delivery to leadership or external stakeholders
  • Drive OKR execution for SOC-related objectives including logging coverage, detection counts, incident response metrics, and vulnerability SLA compliance
  • Identify skill gaps and development opportunities for junior analysts
  • Establish and enforce SOC processes that are documented, repeatable, and auditable

Required Qualifications

  • 6+ years of experience in security operations, detection engineering, or SIEM/SOAR engineering
  • Hands-on experience with Google SecOps (Chronicle) or equivalent enterprise SIEM such as Splunk, Sentinel, or QRadar, with Chronicle strongly preferred
  • Production experience with SentinelOne, CrowdStrike, or a comparable EDR platform
  • Deep knowledge of AWS security services including GuardDuty, Security Hub, Inspector, CloudTrail, WAF, and Config
  • Experience building detection rules mapped to the MITRE ATT&CK framework
  • SOAR playbook development and automation experience
  • Demonstrated ability to lead without formal authority by setting direction for peers or junior analysts
  • Strong incident response skills with experience writing complete reports for executive and external audiences
  • Understanding of NIST 800-53 controls, particularly Audit, System Integrity, and Incident Response families
  • Excellent written communication skills

Preferred Qualifications

  • Experience with Google SecOps (Chronicle), SentinelOne, or similar SIEM/SOAR platforms; certifications are a plus
  • Experience working in a FedRAMP High environment such as AWS GovCloud
  • Azure security experience including Defender for Cloud, Entra ID, Log Analytics, and Event Hubs
  • Experience managing MSSP relationships and enforcing SLAs
  • Background in OT/ICS security monitoring
  • Experience with vulnerability management tools such as Nessus, Inspector, or Defender
  • Previous experience in a startup or high-growth environment building SOC capabilities from early stages

Certifications (Preferred, not required)

  • GCIA, GCIH, GSOM, or other GIAC blue team certifications
  • Google Chronicle or SecOps certifications
  • AWS Security Specialty
  • CISSP or CISM
  • Detection engineering certifications such as SANS SEC555 or SEC511

Benefits

  • 136K-155K base + equity and performance bonus eligible, depending on experience and location
  • Full medical, vision, and dental insurance
  • Generous PTO
  • Remote-first culture with flexible hours
  • Opportunity to protect critical infrastructure at scale
  • Work with patented, cutting-edge security technology
  • Direct ownership of SOC maturation
  • Collaborative team with military, federal, and private sector expertise

Skills

Google SecopsChronicleSentineloneSIEMSoarAws GuarddutyAws Security HubAws InspectorCloudtrailWafMitre Att&CkEdrCrowdstrikeAzure DefenderEntra Id
Lyft

Senior Security Engineer, Corporate Security

LyftSeattle, WA

Builds secure processes and systems for corporate security, partnering cross-functionally to enable safe operations. Requires 5+ years engineering experience with Python/Go, databases, networking protocols, and security systems.

136k – 170k/yr
Hybrid5+ YOESecurity Engineering
Plaid

Senior Security Analyst, Customer Assurance

PlaidNew York, NY +3

Own Plaid's Security Contracts program: review security provisions in MSAs/DPAs/addenda, provide positions to Legal/GTM for negotiations, build scalable processes/playbooks, track patterns for improvements, and support questionnaires/audit calls. Requires 6+ years in security GRC/assurance with fintech experience, deep clause knowledge, and AI fluency.

134k – 214k/yr
Hybrid6+ YOESecurity Engineering
Teleport

Senior Software Engineer, Security

TeleportUnited States

Senior Software Engineer building security features for Teleport's access platform, focusing on cryptography, networking, automation, AI agents, and detection/response using Go/Rust. Contributes to open-source code reviews, vulnerability hunting, and hardening defenses.

138k – 342k/yr
RemoteSecurity Engineering
Pindrop

Senior Security Engineer

PindropUnited States

Senior Security Engineer on the Red Team performing offensive security, adversarial testing, and red team operations against GenAI/LLM systems, deepfake defenses, cloud infrastructure, and SaaS products. Requires 3+ years of hands-on pen testing/red team experience plus demonstrable GenAI attack experience.

140k – 165k/yr
Remote3+ YOESecurity Engineering
Ontic

Senior AI Security Engineer

OnticUnited States

Lead development of AI security controls, governance frameworks, and risk management practices. Conduct assessments, implement guardrails, and ensure responsible AI deployment across the organization.

140k – 160k/yr
Remote5+ YOESecurity Engineering