Staff Security Operations Engineer
Lead security operations and threat detection engineering for a remote-first telemetry platform company. Design detection logic, manage incidents, and optimize SIEM/EDR tooling.
Responsibilities
- Monitor security events and alerts via SIEM, MSSP, AI, and CSPM tooling to identify and triage threats
- Develop, implement, and maintain high-fidelity detection rules and alerts in SIEM and other security platforms (EDR, Cloud Security tools) using threat intelligence and MITRE ATT&CK
- Continuously tune and optimize detection logic to reduce false positives
- Act as security incident response lead, leveraging and improving detection capabilities during investigations
- Build, enhance, and manage security playbooks incorporating detection engineering best practices
- Conduct security assessments of corporate assets through vulnerability testing, threat hunts, and purple team activities
- Perform internal and external security reviews of corporate properties and enterprise applications
- Lead security incident response tabletop exercises
- Champion use of Cribl products in the security tech stack to enhance detection, analysis, and response
- Collaborate with threat intelligence teams to integrate new IOCs and TTPs into detection strategies
Requirements
- Strong experience with modern security principles: SIEM, security data lakes, detection as code, EDR, zero trust networking
- Demonstrated experience with incident response and management
- Strong understanding of common attack frameworks (MITRE ATT&CK) and mapping detections to TTPs
- Understanding of authentication and authorization schemes (SAML, OpenID, OAuth2, SCIM)
- Scripting/coding experience in at least one of: Python, NodeJS, Ruby, Bash
- Experience developing, deploying, and maintaining detection rules (Sigma, YARA, Splunk SPL, KQL)
- Comfortable with ambiguity, strong analytical acumen, self-motivated, able to work cross-functionally
Nice-to-Haves
- Experience with SIEM platforms like Panther
- Familiarity with Wiz and cloud native security tooling for AWS, Azure, or GCP
- Relevant certifications in cloud security or incident response (e.g., SANS GIAC)
- Ability to communicate ideas to technical and non-technical audiences
Staff Product Security Engineer
Staff-level product security engineer leading security reviews, threat modeling, penetration testing, and LLM/AI security assessments for Okta's identity platform. Requires deep manual security expertise and strong communication skills.
Security Engineer II
Security Engineer II responsible for monitoring security alerts, responding to incidents, administering enterprise security tools, and supporting cloud and identity security initiatives. Requires 3+ years in cybersecurity or related fields with strong scripting and troubleshooting skills.
Security Engineer II
Security Engineer II responsible for monitoring and responding to security alerts, administering enterprise security tools, supporting vulnerability and IAM programs, and securing cloud environments. Requires 3+ years in cybersecurity or related fields and scripting experience.
Senior Engineer, Security
Senior Security Engineer owning data security infrastructure including classification, masking, encryption, and AI data pipelines. Hands-on builder who defines and executes the data protection roadmap.