Security Operations Engineer

About The Position

Requirements

• A minimum of 3 years of experience in cybersecurity, with at least 2 years dedicated to security operations, a SOC environment and enterprise security.
• Demonstrated experience in incident response, including developing and implementing incident response playbooks and procedures, acting as incident commander on low severity incidents, and conducting post-incident analysis.
• Experience with JIRA or similar tools for creating dashboards, managing reports, and automating workflows to support cybersecurity operations.
• Proven track record in threat detection
• Strong knowledge in operating and configuring SIEM tools (e.g., Splunk, ELK) for real-time threat monitoring and analysis.
• Solid understanding of security technologies such as EDR (Endpoint Detection and Response), firewalls, and vulnerability scanners.
• Demonstrated track record of automating SOC processes, enhancing threat detection, or streamlining incident response using Python
• Proficient knowledge of threat actor behaviors, techniques and tools
• Experience investigating security events on MacOS, Linux and Windows systems
• Experience investigating security events in cloud environments including AWS and/or GCP
• Authorized to work lawfully in the United States of America as Calendly does not engage in immigration sponsorship at this time

Nice To Haves

• Experience with automating deployment and administration of detection capabilities with detection-as-code and CI/CD
• Experiencing with deploying and managing infrastructure using Terraform, CloudFormation or similar
• Experience developing detection capabilities for CI/CD environments

Responsibilities

• Collaborating with Security Operations Center (SOC) team members to monitor, detect, and respond to cybersecurity threats in a timely manner.
• Responding to cybersecurity incidents from identification through resolution.
• Developing and maintaining up-to-date knowledge of the threat landscape, as well as advancements in cybersecurity technologies and methodologies.
• Identifying, configuring and onboarding security telemetry sources/logs in support of threat detection and incident response
• Collaborating with Engineering and SRE to identify and mitigate logging deficiencies
• Developing new detection scenarios and queries to broaden and deepen the team’s detection coverage
• Tuning and continuously improving existing detection queries to increase signal-to-noise ratio, and ensure our detections remain relevant and functional
• Executing and improving incident response protocols and procedures to swiftly and effectively manage security incidents.
• Identifying, developing and maintaining automation solutions to increase the efficiency and effectiveness of the team
• Integrating various security and IT tools to enhance threat detection, incident response, and operational efficiency.
• Conducting regular security assessments, threat hunts, and continuous monitoring to identify vulnerabilities, opportunities for posture enhancements and better incident preparedness.
• Collaborating with Engineering, IT and other departments to support the implementation and evangelization of established cybersecurity best practices across the organization.
• Leveraging JIRA for creating and managing dashboards, reports, and metrics that support cybersecurity operations and decision-making.