Staff SOC Engineer – Security Telemetry & Detection Platforms

About The Position

Requirements

• Bachelor’s degree in arts/sciences (BA/BS) or equivalent experience – Required
• 6+ years of progressive experience in security/infrastructure engineering or SOC engineering focused on SIEM/EDR, telemetry pipelines, and detection content – Required
• Demonstrated success deploying and operating Splunk Cloud, Cribl Cloud, CrowdStrike Falcon at enterprise scale, including RBAC, API integrations, and platform hygiene – Required
• Hands‑on experience engineering data ingestion pipelines and normalizing logs from operating systems, AWS, Azure, and network sources – Required
• Strong technical background and tacit understanding of detection engineering, OCSF modeling, SPL optimization, CIM mapping, and content tuning to reduce ingest volume and improve signal to noise – Required
• Proven ability to collaborate across security operations, architecture, infrastructure, and product teams; strong stakeholder communication and documentation skills – Required
• Ability to map and document complex systems and processes, including data lineage and schema/field mappings – Required
• Familiarity with NIST frameworks, MITRE ATT&CK, and secure by design practices; experience with control validation and metrics/KPIs for continuous improvement – Required
• Experience supporting 24/7 SOC operations, including on call participation and multi region ingestion scenarios – Required
• Advanced analytical and problem-solving skills; competency with analysis and diagramming tools (e.g., Lucidcharts, Visio, Excel) – Required

Nice To Haves

• Relevant platform certifications (e.g., Splunk Core/Cloud, Cribl Certified Observability Engineer, CrowdStrike CCFA/CCFR) – Preferred
• Security certifications (e.g., CISSP, GSEC, GCDA, Cloud+) – Preferred
• Experience integrating security telemetry into CI/CD pipelines and applying version control, testing, and staged releases for detections and pipeline changes – Preferred
• Proficiency in automation and scripting (e.g., Python, PowerShell) and experience with SOAR (e.g., Tines) and infrastructure as code (e.g., Terraform) – Preferred

Responsibilities

• Administer and engineer improvements to enterprise security telemetry and detection platforms—including Splunk Cloud, Cribl Cloud, CrowdStrike Falcon, and Tines—ensuring reliability, performance, and cost efficiency.
• Implement secure by default telemetry patterns and logging standards across operating systems, cloud, and network data sources.
• Design, build, and maintain Cribl Cloud pipelines (Routes, Pipelines, Packs) for secure, cost managed, and high throughput log routing, enrichment, filtering, and transformation into Splunk Cloud and other destinations.
• Engineer Splunk Cloud content (SPL searches, correlation rules, alerts, dashboards, data models, CIM mapping, RBA where applicable) with an emphasis on signal quality, performance, and SLO/KPI driven cost control.
• Define and maintain role-based access controls (RBAC), least privilege models, and user provisioning across telemetry and detection platforms to enable auditable operations.
• Contribute to integration and automation across SOC tooling and enterprise systems (e.g., Tines, cloud native logging in AWS/Azure/GCP, threat intel feeds, ticketing/ITSM) to streamline detection, enrichment, and response workflows.
• Author and maintain explicit documentation—including system design documents, reference implementations, runbooks, and technical decision records capturing rationale, architecture, and operational procedures.
• Apply tacit understanding of SIEM/EDR behavior, data schemas, and pipeline constraints to troubleshoot complex issues, reduce noise, and close visibility gaps.
• Participate in incident response by developing targeted searches, conducting log analysis, identifying root causes, and providing platform/tooling expertise during high severity events.
• Implement and continuously improve control validation (data quality checks, parsing/field extraction tests, content regression tests) and observability (health monitors, capacity, latency, backlog, and error metrics).
• Evaluate emerging telemetry sources, detection approaches, and vendor capabilities; build proofs of concept to assess fit, security posture, and operational impact.
• Support identity, access, and privilege strategies within SOC platforms (API tokens, service accounts, secrets management, SSO/SAML/OIDC) aligned to enterprise guardrails.
• Collaborate in post incident reviews and resilience improvements, translating findings into backlog items for pipeline hardening, new log sources, or content tuning.
• Contribute to responsible logging and monitoring for AI enabled applications and platforms (e.g., model/service telemetry, prompt/audit logs), integrating risks and controls into detection strategy.
• Serve as the security telemetry and detection engineering representative for Global Security Office in technical forums, ensuring platform considerations are aligned with enterprise strategies and governance.
• Perform other duties as assigned.

Benefits

• annual bonus plan
• long-term equity incentive plan
• full range of health, retirement, and other employee benefits