Youll join a mature and collaborative environment where foundational work has already been laid, and you'll have the opportunity to advance how we detect, investigate, and respond to threats – with the support of strong cross-functional partnerships and best-in-class tools.
RESPONSIBILITIES
Detection Engineering
Develop, tune, and maintain detection rules, correlation logic, and alerting workflows within our SIEM.
Integrate high-quality telemetry from cloud environments, infrastructure, SaaS applications, and internal systems.
Collaborate with Engineering and DevOps to improve visibility, signal-to-noise ratio, and logging coverage.
Automation & Enrichment
Design and implement enrichment and response automation (e.g., SOAR platforms, serverless functions).
Explore and integrate LLM-based agents or AI-enhanced triage/classification tools where practical.
Continuously improve response playbooks, integrations, and automation pipelines.
Incident Response Leadership
Serve as the operational lead for security incident response, from triage through resolution and post-incident review.
Maintain and evolve IR runbooks; lead tabletop exercises to strengthen organizational readiness.
Coordinate investigations across Security, Engineering, GRC, IT, and Legal as needed.
Metrics & Reporting
Own and continuously improve dashboards and reporting that track key detection and response KPIs (e.g., MTTR, detection coverage, false positive rates).
Deliver data-driven insights to security and engineering leadership to inform strategy and operational improvements.
Case Management
Take responsibility for the case management lifecycle across detection, triage, and incident handling.
Ensure the incident handling process is tightly integrated with automation, documentation standards, and relevant security tooling.
Evaluate opportunities to enhance case tracking infrastructure in alignment with program growth and maturity.
Collaboration & Growth
Partner cross-functionally with teams in Engineering, DevOps, IT, Privacy, and GRC.
Support ongoing vendor relationships and bring a continuous improvement mindset to tooling and processes.
5+ years in a threat detection, SOC, or incident response role in a cloud-native environment.
Strong hands-on engineering experience with SIEM tools (e.g., Sumo Logic, Sentinel, Splunk, ELK).
Solid scripting and automation skills (Python preferred); familiarity with SOAR platforms or cloud-native functions (Lambda, GCP Cloud Functions).
Deep understanding of cloud environments (AWS/GCP), logging, and security telemetry.
Experience managing real-world incidents in production systems.
Experience managing or enhancing security case management processes and tooling.
Familiarity with AI/LLM tools applied to security – a plus.
Hands-on experience with technologies supporting web application protection, fraud detection, behavioral analytics, and automated threat mitigation (e.g., Cloudflare, AWS WAF, Akamai, Imperva, ThreatMetrix) – a plus
