Senior Security Engineer

SpyCloud•Austin, TX

35d

About The Position

SpyCloud is on a mission to make the internet a safer place by disrupting the criminal underground. SpyCloud’s solutions thwart cyberattacks and protect more than 4 billion accounts worldwide. Cybersecurity is an exciting, evolving space, and being at the forefront of the fight to disrupt cybercrime makes SpyCloud a special place to work. If you’re driven to align your career with a fantastic mission, look no further! Overview of Job/Team: We are seeking an experienced Security Engineer to join our internal security team who thrives in a fast-paced environment. You have a passion for innovation, solid design principles, and high-quality development. You bring strong infrastructure and detection engineering fundamentals, a security-first mindset, and a deep understanding of cloud and networking concepts.

Requirements

At least 5 years of professional experience in a DevOps, Security Engineering, or Detection Engineering role maintaining relevant production infrastructure.
Strong working knowledge of AWS services such as EC2, ECS or EKS, Lambda, ELBs, Transit Gateway, VPC, CloudWatch, S3, Code/Build/Pipeline/Deploy, etc.
Strong working knowledge of Terraform or similar tools, AWS CLI/SDK, Boto.
Extensive experience with SIEM content engineering, data transformation, and log onboarding.
Proficiency with scripting languages such as Python, Bash, etc.
Proficiency integrating systems via API and their respective authentication mechanisms.
Strong understanding of networking fundamentals and troubleshooting techniques for bare metal and containerized workloads.
Experience with best practice build pipelines, including Git/GitHub.

Nice To Haves

Experience with EDR tools, such as CrowdStrike Falcon and Sentinel One.
Experience with SOAR playbook building and automation, such as Tracecat and Chronicle SecOps.
Experience with Cribl Stream.
Familiarity with Cloud Security Posture Management, such as Crowdstrike and Wiz.

Responsibilities

Design, improve, and maintain secure, durable, and performant infrastructure to power applications, security tooling, log collection, and data mining/ETL workflows.
Evolve log collection, processing, and storage infrastructure enabling security monitoring and investigations.
Support multi-account and multi-region AWS networking architectures with security-first principles.
Develop and maintain Splunk detection content aligned to the relevant frameworks and evolving threat intelligence.
Administer the Splunk Cloud platform, including search health, log health, and app, platform, and content updates.
Design and implement SOAR playbooks to automate investigation and response workflows.
Integrate infrastructure security tooling and automation to enhance detection, prevention, and response capabilities.
Build and maintain detection-as-code and automated deployment pipelines to ensure consistency, repeatability, and auditability.
Continuously refine detection logic to reduce false positives and increase signal quality.
Implement and operate security technologies across the enterprise, such as an endpoint security platforn.
Support incident response and investigation escalations.
Proactively meet standards for information security and compliance, such as SOC 2/ISO27001.
Implement and uphold security measures across all infrastructure components.
Work cross-functionally with Product, IT, DevOps, and Engineering teams to drive secure-by-default practices.
Drive architectural and design decisions for SpyCloud’s detection program and platforms.
Mentor junior engineers and establish best practices across infrastructure and detection engineering domains.