Senior Security Engineer

Ivo Inc.
San Francisco, CA
$249,000 - $405,000
Hybrid

About The Position

We're hiring a Senior Security Engineer to own how Ivo detects, responds to, and defends against threats across our infrastructure, identity, network, and endpoints. You'll partner directly with our Head of IT & Security and work alongside engineering and IT to keep the systems behind our product safe. This is a hands-on senior IC role with broad scope: detection engineering, incident response, cloud and identity security operations, perimeter and network hardening, vulnerability management, and security automation. Our platform handles legally privileged documents for some of the largest companies in the world. The security stakes are real, and so is the impact.

Requirements

  • 5+ years in security operations, detection and response, or infrastructure and cloud security at a SaaS company, including time owning detection or IR for a production environment.
  • Hands-on detection engineering. You write and tune detections, build pipelines, and work in a SIEM directly. You don't just watch dashboards.
  • Strong cloud security background in GCP and/or Azure: identity, network, workload, and posture management.
  • Hands-on with perimeter and network security: WAF/CDN (Cloudflare or similar), DNS security, and edge controls.
  • Deep identity and access experience: Okta or similar IdP, SSO, SAML, SCIM, MFA, and RBAC in practice.
  • Real incident response experience. You've led investigations end to end, from first alert to post-incident review.
  • Comfortable scripting and automating (Python or similar). You can read code and build your own tooling, not just buy it.
  • Track record of running vulnerability management as a program, not a queue.
  • Excellent written communication. You can write a runbook engineers follow, a detection writeup that's genuinely useful, and a post-incident review leadership trusts.
  • A strong internal sense of urgency and a bias toward shipping and automating today rather than tomorrow.

Nice To Haves

  • Detection-as-code experience (Panther, Sigma, or similar) and treating detections like software.
  • Experience securing AI / LLM infrastructure and the operational risks around agents and model access.
  • Series B or earlier experience where you built or scaled a security operations function from limited scaffolding.
  • GCIH, GCIA, GCFA, OSCP, or comparable hands-on credentials.
  • Experience with SOAR or security automation platforms.
  • Background supporting enterprise customers in regulated industries.

Responsibilities

  • Own detection and response across Ivo's cloud, identity, and endpoint estate.
  • Build and tune detections in our SIEM (Panther). Turn noisy telemetry into high-signal alerts engineers and IT actually act on, with a strong bias toward signal over noise.
  • Lead incident response for infrastructure, identity, and corporate-layer security events. Run investigations end to end, drive containment and recovery, and write the post-incident review.
  • Own cloud security posture across GCP and Azure. Find misconfigurations, prioritize real risk, and partner with engineering to close it.
  • Own perimeter and network security. Manage Cloudflare WAF rules, DNS security, and edge controls, and harden our network and infrastructure config against real-world attack patterns.
  • Run vulnerability management for our infrastructure and assets. Triage, prioritize, and drive remediation to closure rather than just forwarding scanner output.
  • Operate and harden identity and access (Okta, SSO, SAML, SCIM, MFA, RBAC). Own provisioning and deprovisioning hygiene, access reviews, and least-privilege enforcement.
  • Manage endpoint and device security (Kandji for MDM) and email security (Material). Keep the fleet hardened and monitored.
  • Build security automation that removes toil. Script away repetitive work, wire up SOAR-style response, and make the secure path the easy path.
  • Run proactive threat hunting across logs and telemetry, and develop detection coverage against the threats that actually target a company like ours.
  • Produce and maintain operational evidence for SOC 2 Type II, ISO 27001, and ISO 42001, and support our compliance and enterprise security review programs.
  • Contribute security operations input to enterprise security reviews and customer-facing trust documentation.
  • Partner with engineering and IT rather than blocking them. You ship paved roads, not tickets.

Benefits

  • Health insurance
  • Dental insurance
  • Vision insurance