Senior Security Engineer

Sandisk•Milpitas, CA

1d•Onsite

About The Position

We are seeking a highly experienced Senior Security Engineer to own, design, and continuously improve the security tooling ecosystem that underpins a modern, detection-first Security Operations Center (SOC). This role is deeply technical and hands-on, with primary responsibility for the reliability, effectiveness, and evolution of SOC platforms. This engineer will act as the L3/L4 technical authority for the security platforms utilized by the SOC—bridging engineering and operations—while also owning EDR health & hygiene, detection engineering enablement, and emerging threat assessment. The role partners closely with SOC analysts, Incident Response, Threat Intelligence, IT Infrastructure, and Architecture teams to ensure tools are resilient, trusted, and aligned to adversary behaviors.

Requirements

Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or equivalent practical experience
5–10+ years of experience in security engineering, detection engineering, or advanced SOC technical roles
Demonstrated experience supporting SOC operations through engineering and platform ownership
Deep hands-on experience with EDR/XDR platforms (e.g., CrowdStrike, Defender, SentinelOne)
Experience engineering SOC platforms rather than only consuming alerts (platform ownership mindset)
Strong understanding of Windows internals, Linux operating systems, and server infrastructure, including endpoint and host-level telemetry, process execution, persistence mechanisms, and administrative activity across workstation and server environments
Experience supporting malware analysis and sandboxing environments
Familiarity with SOC workflows, detection pipelines, and incident response requirements
Strong scripting and automation skills (PowerShell, Python)
Solid grasp of attacker TTPs mapped to the MITRE ATT&CK framework

Nice To Haves

Experience integrating SOC platforms with SIEM, SOAR, or case management platforms
Exposure to vulnerability management and scanning platforms
Experience designing detection validation or purple-team style testing
Relevant certifications (GIAC, GREM, GCED, GCIA, OSCP) preferred but not required

Responsibilities

Engineer, deploy, and maintain all core SOC platforms, including: Malware analysis and sandboxing solutions, Analyst workstation environments (Windows investigation VMs), Endpoint Detection & Response (EDR/XDR), Email Security Engineering, Vulnerability Scan Engineering
Act as technical owner for SOC platforms, including alignment with architecture requirements, lifecycle management, upgrades, and decommissioning
Ensure SOC platforms are engineered for scale, reliability, performance, and forensic integrity
Partner with IT and platform teams to resolve dependency, access, and infrastructure issues impacting SOC operations
Own EDR platform engineering, configuration, and operational health across the enterprise
Define and enforce EDR hygiene standards (sensor coverage, policy consistency, versioning, asset attribution)
Monitor EDR health metrics and proactively remediate gaps impacting detection or response efficacy
Develop testing frameworks to validate EDR detections, policies, and response actions
Serve as a technical owner of detection engineering, enabling high-fidelity detections through better tooling, telemetry, and data quality
Validate that endpoint, sandbox, and supporting tooling generate the telemetry required to support detection logic and investigations
Collaborate on detection validation, tuning, and testing pipelines
Translate emerging threats and attacker techniques into tooling and telemetry requirements
Engineer and maintain malware detonation and analysis environments that support safe, repeatable analysis
Support SOC and IR teams with tooling for static and dynamic malware analysis
Improve sandbox fidelity to better represent enterprise environments and common attacker tradecraft
Assess new attacker techniques, malware families, and evasion tactics for detection and prevention opportunities across the enterprise
Identify gaps where tooling or configurations do not adequately surface malicious behavior
Evaluate new security tools and capabilities to address detection, analysis, or response gaps
Provide engineering-backed recommendations grounded in operational SOC realities
Automate routine SOC operations including health checks, validation, deployments, and reporting
Develop scripts and tooling (PowerShell, Python, etc.) to reduce manual overhead and analyst toil
Improve reliability through monitoring, alerting, and failure-mode testing of SOC platforms
Author and maintain engineering documentation for SOC platforms, architectures, and configurations
Define technical standards and guardrails for SOC platforms usage and integrations
Support audits, tabletop exercises, and incident reviews from a tooling and telemetry perspective

Benefits

paid vacation time
paid sick leave
medical/dental/vision insurance
life, accident and disability insurance
tax-advantaged flexible spending and health savings accounts
employee assistance program
other voluntary benefit programs such as supplemental life and AD&D, legal plan, pet insurance, critical illness, accident and hospital indemnity
tuition reimbursement
transit
the Applause Program
employee stock purchase plan
the Sandisk's Savings 401(k) Plan
Short-Term Incentive (STI) Plan
annual Long-Term Incentive (LTI) program (restricted stock units (RSUs) or cash equivalents)