Staff Security Platform Engineer

Aurora Innovation
Seattle, WA
Hybrid

About The Position

Aurora is scaling its autonomous trucking operations, and we need someone who makes our security tools actually work: not just deployed, but deeply configured, continuously tuned, and fully leveraged. This role is for the practitioner who has spent their career living inside security platforms: the person who knows their EDR better than the vendor's own support team, who can write a SIEM query from memory, and who instinctively knows when an alert is misfiring and exactly why. This is not a software engineering role. It's a role for an elite security operator — someone with the instincts of a seasoned SOC analyst and the technical depth to own the platforms that power detection, response, and protection at enterprise scale. If you find deep satisfaction in mastering a tool, closing a coverage gap, or hunting down a threat that nobody else noticed, this role was written for you.

Requirements

  • 12+ years of hands-on experience in enterprise security operations, security platform administration, or a senior SOC engineering role — with a career built on deep operational ownership of security tooling rather than software development.
  • Expert-level proficiency administering and operating at least two enterprise security platforms (e.g., CrowdStrike, SentinelOne, Splunk, Panther, Sentinel, Jamf, Kandji/Iru, Puppet, WorkspaceONE, Intune, Zscaler, Okta, Proofpoint, Wiz, osquery), with strong working knowledge across several others.
  • Demonstrated ability to tune and optimize security platforms beyond out-of-the-box configurations — writing custom detection logic, adjusting policy sets, and validating control effectiveness.
  • Strong log analysis and threat hunting skills: you know how to build a hypothesis, write the query, follow the thread, and know when to escalate.
  • Experience conducting thorough incident investigations — triage, containment, root cause analysis, and post-incident review — and communicating findings clearly to technical and non-technical stakeholders.
  • Ability to assess security control effectiveness: not just "is this tool deployed" but "is it configured correctly, covering the right scope, and generating actionable signal."
  • Comfort working under pressure in ambiguous, fast-moving situations with competing priorities.

Nice To Haves

  • Scripting ability for automation, log parsing, or workflow improvement (Python, Bash, or similar) — you don't need to be a software engineer, but you can write a script when it saves you an hour.
  • Deep familiarity with MITRE ATT&CK as an operational tool for detection gap analysis and threat hunting hypothesis development.
  • Experience with AWS security telemetry (CloudTrail, GuardDuty, Security Hub) and integrating cloud signals into a corporate SIEM.
  • Familiarity with Zero Trust and identity-centric security models as they apply to policy enforcement in IAM and endpoint platforms.
  • Platform-specific certifications such as CrowdStrike Certified Falcon Administrator, Splunk Core Certified Power User, or equivalent — or practitioner certifications like GCIH, GCIA, GCFE, or GCFA.

Responsibilities

  • Own the operational health, configuration, and continuous improvement of Aurora's enterprise security platform stack — including EDR/XDR, MDM, SIEM, DLP, IAM/IGA, DNS security, email security, and PKI — ensuring each tool is tuned, policy-complete, and delivering reliable signal.
  • Develop and refine detection rules, correlation logic, and alert policies, reducing noise while ensuring Aurora maintains high-fidelity coverage against real threats.
  • Conduct proactive threat hunting across Aurora's security telemetry — forming hypotheses, querying logs, and investigating anomalies before they surface as incidents.
  • Serve as the deepest internal expert on Aurora's enterprise security tooling, acting as the escalation point for complex platform issues, misconfigurations, and detection failures.
  • Participate in the team's on-call rotation, leading deep-dive investigations into security alerts and incidents and driving triage, containment, and root cause analysis.
  • Continuously audit and validate that existing security controls are configured to actually do what they're supposed to do — not just deployed and forgotten.
  • Maintain operational runbooks, detection documentation, and platform configuration records, ensuring the team can operate consistently and scale institutional knowledge.

Benefits

  • annual bonus
  • equity compensation
  • health insurance
  • dental insurance
  • vision insurance