Cybersecurity Engineer Senior, Threat Detection and Response

Starbucks Coffee Company, Seattle, WA

About The Position

This role contributes to Starbucks’ success by operating within the Security Operations Center (SOC) to detect, investigate, and respond to cybersecurity threats across the enterprise. You will leverage SIEM and SOAR platforms to perform advanced log analysis, validate alert fidelity, and continuously assess the operational health and coverage of Starbucks’ security tooling. You will design, build, and tune detections within the SIEM, translating real-world adversary behaviors and MITRE ATT&CK-aligned TTPs into high-confidence, actionable alerts. This includes authoring and maintaining detection logic (e.g., KQL, SPL, or equivalent), reducing false positives, and closing visibility gaps. The role also focuses on maturing automation through SOAR by developing playbooks that standardize and accelerate investigation, enrichment, containment, and response workflows. You will integrate SOAR with security and IT platforms to automate repeatable actions. The ideal candidate demonstrates strong analytical problem-solving skills, clear technical communication, and deep expertise in modern attack techniques, logging architectures, and SOC operations. A proven, hands-on track record of advancing detection engineering, SIEM/SOAR effectiveness, and incident response capabilities in highly targeted, large-scale environments is essential. Success in this role is defined by measurable contributions to a world-class SOC and cybersecurity program that proactively detects threats, rapidly contains incidents, and drives consistent, effective resolution across all cybersecurity events.

Requirements

  • 5+ years of experience working in an information technology discipline
  • 4+ years of security operations experience
  • 2+ years of detection engineering experience
  • 2+ years of threat hunting experience
  • Deep technical understanding of modern cybersecurity threats
  • Understanding of the MITRE ATT&CK framework and the ability to create detections based on analysis of attacker tools and techniques using this framework
  • Proficient in programming with at least one modern language such as Python, PowerShell, C#, Ruby, or Java
  • Experience with the following technologies: SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, Container Security
  • Basic understanding of compliance and regulatory requirements such as SOX and PCI
  • Ability to balance multiple priorities and meet deadlines
  • Excellent problem-solving abilities
  • Passionate about cybersecurity and self-driven to become an expert

Nice To Haves

  • Demonstrated expertise in at least two technologies, such as SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, or Container Security.
  • Skilled in at least two focus areas, including Phishing, Data Loss Prevention (DLP), Compliance, Networking, Digital Forensics, Big Data, Threat Intelligence, Operating Systems, or Reverse Engineering.
  • Actively supports the cybersecurity community by teaching or contributing code.
  • Holds certifications like CISSP, SSCP, GCIH, or other credentials emphasizing cybersecurity.

Responsibilities

  • Identify, evaluate, and appropriately address alerts and incidents
  • Develop detections based on the MITRE ATT&CK framework
  • Proactively identify emerging threats and conduct threat hunting for undetected activity within the environment
  • Assess alerts to establish their legitimacy and urgency
  • Adhere to SOC playbooks and standard operating procedures (SOPs) to promote consistency in triage and decision-making
  • Conduct a thorough review and audit of existing logging systems to identify any gaps in detection capabilities
  • Review threat intel reports and feeds, and make recommendations for profile or toolset changes based on those reviews
  • Perform in-depth investigations on Windows, Linux, and macOS hosts
  • Create stories to enhance the SOAR environment for engineers
  • Enhance SOC processes with feedback and operational insights
  • Serve as both a mentor and an escalation point for SOC engineers
  • Tune security tool configuration to minimize false positives
  • Work closely with security leaders, engineers, and compliance teams to implement effective security plans
  • Serve as a subject matter expert for security tools, applications, and processes

Benefits

  • medical, dental, vision, basic and supplemental life insurance, and other voluntary insurance benefits
  • short-term and long-term disability
  • paid parental leave
  • family expansion reimbursement
  • paid vacation from date of hire
  • sick time (accrued at 1 hour for every 25 hours worked)
  • eight paid holidays
  • two personal days per year
  • 401(k) retirement plan with employer match
  • discounted company stock program (S.I.P.)
  • Starbucks equity program (Bean Stock)
  • incentivized emergency savings
  • financial well-being tools
  • 100% upfront tuition coverage for a first-time bachelor’s degree through Arizona State University’s online program via the Starbucks College Achievement Plan
  • student loan management resources
  • access to other educational opportunities
  • backup care
  • DACA reimbursement