Senior Security Engineer
Continental General · Austin, TX · 1 mo ago
HybridEngineering$79k–$130k/yrFull-time
About the role
The Senior Security Engineer is a hands-on technical contributor responsible for advancing security platforms, detections, automation, and cloud security capabilities across AWS, SaaS, and enterprise environments.
Responsibilities
- Own engineering and advanced configuration across SIEM, SOAR, CSPM, EDR, SASE, and data security platforms.
- Build integrations, logging pipelines, and enrichment logic across AWS, SaaS, and identity providers.
- Contribute to platform strategy, participate in technology selection and proof-of-concept evaluations.
- Apply and help refine engineering standards for logging, telemetry, detection content, and automation practices.
- Develop and tune detections mapped to MITRE ATT&CK, cloud threats, and environment-specific risk.
- Build enrichment pipelines, correlation logic, and advanced SIEM analytics (Splunk SPL).
- Identify logging and telemetry gaps and engineer new data sources across AWS and SaaS platforms.
- Partner with threat intelligence to incorporate adversary behaviors into detection logic and hunting hypotheses.
- Design and implement SOAR playbooks, enrichment workflows, and automated response actions.
- Develop automation scripts and APIs (Python, PowerShell, Bash) for security operations functions.
- Use AI-assisted development tools to accelerate automation build-out, reduce manual workflows, and improve iteration speed on security engineering tasks.
- Proactively evaluate emerging AI tooling, agentic workflows, and automation integrations for applicability to security operations; bring validated approaches to the team before they become industry standard practice.
- Engineer cloud security controls and observability across multi-account AWS environments.
- Extend CSPM capabilities with custom rules, policies, automation, and remediation pathways.
- Implement and maintain AWS security guardrails across Security Hub, GuardDuty, Inspector, Macie, CloudTrail, and IAM.
- Collaborate with cloud engineering and DevOps teams on secure architectures, monitoring patterns, and CloudWatch Logs data protection (PII/PHI masking).
- Support technical implementation and optimization of SASE platforms, including SWG, CASB, and ZTNA control.
- Engineer data visibility and protection controls across SaaS, cloud storage, and API environments.
- Partner with identity and security teams to drive Zero Trust-enabling controls and telemetry expansion.
- Support AppSec and API security by integrating telemetry, SAST/DAST findings, and runtime controls into detection workflows.
- Engineer detection patterns for OWASP Top 10 vulnerabilities and API misuse patterns.
- Collaborate with DevSecOps to automate application security validation and implement CI/CD security guardrails.
- Serve as technical engineering escalation during active security investigations and incident response.
- Build IR automation, forensic data integrations, and evidence collection workflows.
- Implement corrective technical controls resulting from post-incident analysis and lessons learned.
- Contribute engineering work to runbooks, playbooks, and automation patterns shared with the SOC.
Qualifications
- 5+ years of security engineering, detection engineering, or advanced security operations experience; or the equivalent years of education and experience required.
- Expertise with SIEM detection development and correlation logic (Splunk preferred), including advanced SPL and analytics authoring.
- Strong AWS security engineering experience across multi-account environments, including Security Hub, GuardDuty, Inspector, Macie, CloudTrail, and IAM.
- Proficiency with SOAR platforms and automation scripting (Python, PowerShell, Bash) for SecOps workflow automation.
- Experience with SASE technologies (SWG, CASB, ZTNA) and/or DSPM platforms in an enterprise environment.
- Deep working knowledge of adversary TTPs and the MITRE ATT&CK framework applied to detection engineering and threat modeling.
- Experience integrating cloud and SaaS telemetry into detection and incident response workflows.
- Genuine curiosity and an early-mover instinct for emerging technologies, including AI-assisted development tools such as Claude Code; demonstrated habit of evaluating and adopting new capabilities ahead of the curve to improve security posture and reduce manual workflows.
- Self-directed working style with the ability to scope, prioritize, and execute engineering work autonomously across concurrent initiatives without close direction.