Principal Engineer, Security Operations

Digital Turbine
Austin, TX
Hybrid

About The Position

At Digital Turbine, we make mobile advertising experiences more meaningful and rewarding for users, app publishers, and advertisers — intelligently connecting people in more ways, across more devices. We provide app publishers and advertisers with powerful ads and experiences that captivate consumers, fuel performance, and help telecoms and OEMs supercharge awareness, acquisition, and monetization. In a rapidly evolving industry, we are constantly innovating and creating better paths of discovery to connect consumers, publishers, and advertisers across the mobile ecosystem.

Please note that Digital Turbine is a hybrid work environment; only candidates local to the posting location will be considered.

Digital Turbine is seeking a Principal Engineer of Security Operations to drive the evolution of our global Security Operations Center (SOC). As the Principal Engineer of Security Operations, you will serve as the company’s foremost expert on detection engineering, incident response, and cloud security operations across our multi‑cloud (GCP and AWS) environment. The role focuses on technical leadership, operational excellence, and partnership with internal and external teams to ensure resilient 24x7 monitoring and response capabilities.

Requirements

  • 12+ years of cybersecurity experience with deep expertise in security operations, threat detection, or incident response within global enterprise or SaaS environments.
  • Significant hands‑on experience developing and managing SOC functions for GCP and AWS, including cloud logging, monitoring, and automation.
  • Strong familiarity with MSSP models, understanding how to measure and improve service quality through engineering insight and data.
  • Proficiency with SOC tooling such as CrowdStrike, Orca, SIEM/SOAR platforms, and related telemetry and automation tools.
  • Deep understanding of modern adversary tradecraft, cloud attack paths, and detection engineering frameworks.
  • Experience supporting or interfacing with compliance programs such as SOC 2, ISO 27001, or SOX.
  • Excellent analytical and communication skills, with the ability to present technical findings and risks to both engineers and executives.

Nice To Haves

  • Advanced security certifications such as CISSP, GCIH, GCFA, CISM, or CCFR are highly desirable.
  • Google Cloud certifications (e.g., Professional Cloud Security Engineer, Professional Cloud Architect) preferred.

Responsibilities

  • Serve as the primary technical authority for Digital Turbine’s SOC ecosystem and cloud threat detection strategy.
  • Optimize and mature our relationship with a Managed Security Services Provider (MSSP), ensuring detection quality, response speed, and continuous tuning meet DT’s requirements.
  • Lead and execute complex incident investigations, encompassing triage, analysis, containment, and remediation across GCP, AWS, and containerized workloads (Kubernetes, serverless, etc.).
  • Design and maintain advanced detection and automation use cases using SIEM, SOAR, and log management platforms, tailored to DT’s cloud environments.
  • Operationalize and fine‑tune tools such as CrowdStrike, Orca Security, and related platforms to maximize visibility and protection coverage.
  • Develop, test, and enhance incident response playbooks and threat‑hunting methodologies aligned with MITRE ATT&CK and industry best practices.
  • Plan, coordinate, and execute tabletop exercises, as well as business continuity (BC) and disaster recovery (DR) drills, to validate response readiness and cross‑team coordination.
  • Define and track SOC performance metrics (e.g., MTTD, MTTR), producing clear and actionable insights for leadership and technical stakeholders.
  • Collaborate with DevOps, application engineering, GRC, and legal teams to embed operational security practices that support compliance and business goals.
  • Contribute to vendor selection, tooling evaluation, and threat intelligence initiatives that strengthen DT’s overall security posture.
  • Act as a mentor and thought leader for peers and cross‑functional partners on detection engineering, incident response, and cloud security best practices.

Benefits

  • bonus plan
  • equity plan
  • 401K
  • unlimited PTO