SOC Engineer

TENEX.AI
Overland Park, KS
Onsite

About The Position

As a SOC Engineer, you'll operate across incident response, platform quality, and operational improvement — evaluating telemetry coverage, shaping response automation, handling high-severity escalations, and ensuring the tooling and workflows analysts depend on are fit for purpose. The role carries direct engagement across internal engineering teams and customers, and no shortage of hard problems to solve. We default to automation and AI wherever they produce better outcomes — and we want engineers who think the same way.

Requirements

  • 5+ years in security operations, incident response, or detection engineering with demonstrated depth across multiple domains.
  • Strong fluency in logging and telemetry — able to evaluate an environment's coverage posture, identify deficiencies, and articulate what's needed for effective detection and investigation.
  • Hands-on experience with SIEM platforms (Google Chronicle, Microsoft Sentinel, and/or Splunk a plus) — enough to understand data modeling, rule architecture, and parser quality, and recognize when a deployment falls short of what our MDR SOC requires.
  • Solid understanding of response automation — enrichment pipelines, SOAR playbook structure, containment logic — and the judgment to evaluate whether automation is working as intended.
  • Working knowledge of cloud security architecture in at least one major cloud (AWS, Azure, or GCP), including native log sources and their value for investigation.
  • Scripting proficiency in Python or PowerShell for automation support and integration work.
  • Clear, confident communicator across technical and non-technical audiences — customers, engineers, and analysts alike.

Nice To Haves

  • Familiarity applying AI or LLM-based tooling to security workflows — investigation assistance, alert triage, log analysis, or automation — is a strong plus.
  • Multi-cloud breadth across AWS, Azure, and GCP security tooling and telemetry.
  • Experience with IaC (Terraform, CloudFormation) and DevSecOps practices.
  • Familiarity authoring detection runbooks, investigation guides, or SOC operating procedures.
  • Splunk Enterprise Security depth — ES notable events, risk-based alerting, correlation search architecture.
  • Container and Kubernetes security monitoring exposure.
  • Experience building or evaluating AI-assisted security tooling, agentic workflows, or LLM-augmented investigation and response.

Responsibilities

  • Handle complex incident response and escalation. Take ownership of high-severity and technically complex incidents — leading investigation, driving containment decisions, and communicating findings clearly when it counts.
  • Assess and improve telemetry and logging coverage. Automate evaluation of customer environments for logging gaps and deficiencies across endpoint, network, identity, and cloud. Specify what's needed for effective detection and investigation, and work with customers and internal teams to close the gaps.
  • Ensure SIEM and detection quality. Apply deep platform knowledge to evaluate detection fidelity, data normalization, parser quality, and alert logic — identifying where coverage or quality falls short and partnering with detection engineering to address it.
  • Contribute to response automation quality. Work closely with the SOAR team to review enrichment logic, containment playbooks, and automation design — bringing an incident responder's perspective to what works under pressure and what doesn't.
  • Support technical needs across the organization. Serve as a knowledgeable resource for forward-deployed engineers, onboarding teams, and customers on questions spanning telemetry, investigation, platform behavior, and response — representing the SOC's technical depth across functions.
  • Improve SOC tooling and operational workflows. Identify friction in how analysts triage, investigate, and respond. Partner on tooling improvements, process changes, and reference content that raise consistency and quality across the team.

Benefits

  • Competitive salary and benefits package.
  • A culture of growth and development, with opportunities to expand your knowledge in AI, cybersecurity, and emerging technologies.