SOC Engineer
About the role
The SOC Engineer will operate across incident response, platform quality, and operational improvement. They will evaluate telemetry coverage, shape response automation, handle high-severity escalations, and ensure the tooling and workflows analysts depend on are fit for purpose. The role involves direct engagement with internal engineering teams and customers, tackling a variety of challenging problems.
Responsibilities
- Handle complex incident response and escalation.
- Take ownership of high-severity and technically complex incidents, leading investigation, driving containment decisions, and communicating findings clearly when it counts.
- Assess and improve telemetry and logging coverage.
- Automate evaluation of customer environments for logging gaps and deficiencies across endpoint, network, identity, and cloud.
- Specify what's needed for effective detection and investigation, and work with customers and internal teams to close the gaps.
- Ensure SIEM and detection quality.
- Apply deep platform knowledge to evaluate detection fidelity, data normalization, parser quality, and alert logic, identifying where coverage or quality falls short and partnering with detection engineering to address it.
- Contribute to response automation quality.
- Work closely with the SOAR team to review enrichment logic, containment playbooks, and automation design, bringing an incident responder's perspective to what works under pressure and what doesn't.
- Serve as a knowledgeable resource for forward-deployed engineers, onboarding teams, and customers on questions spanning telemetry, investigation, platform behavior, and response, representing the SOC's technical depth across functions.
- Improve SOC tooling and operational workflows.
- Identify friction in how analysts triage, investigate, and respond, and partner on tooling improvements, process changes, and reference content that raise consistency and quality across the team.
Requirements
- 5+ years in security operations, incident response, or detection engineering with demonstrated depth across multiple domains.
- Strong fluency in logging and telemetry — able to evaluate an environment's coverage posture, identify deficiencies, and articulate what's needed for effective detection and investigation.
- Hands-on experience with SIEM platforms (Google Chronicle, Microsoft Sentinel, and/or Splunk a plus) — enough to understand data modeling, rule architecture, and parser quality, and recognize when a deployment falls short of what our MDR SOC requires.
- Solid understanding of response automation — enrichment pipelines, SOAR playbook structure, containment logic — and the judgment to evaluate whether automation is working as intended.
- Working knowledge of cloud security architecture in at least one major cloud (AWS, Azure, or GCP), including native log sources and their value for investigation.
- Scripting proficiency in Python or PowerShell for automation support, and integration work.
- Familiarity applying AI or LLM-based tooling to security workflows — investigation assistance, alert triage, log analysis, or automation — is a strong plus.
Qualifications
- Clear, confident communicator across technical and non-technical audiences — customers, engineers, and analysts alike.
Skills
- Multi-cloud breadth across AWS, Azure, and GCP security tooling and telemetry.
- Experience with IaC (Terraform, CloudFormation) and DevSecOps practices.
- Familiarity authoring detection runbooks, investigation guides, or SOC operating procedures.
- Splunk Enterprise Security depth — ES notable events, risk-based alerting, correlation search architecture.
- Container and Kubernetes security monitoring exposure.
- Experience building or evaluating AI-assisted security tooling, agentic workflows, or LLM-augmented investigation and response.
Benefits
We offer a competitive compensation package, including a comprehensive benefits program that includes health insurance, retirement plans, and paid time off. As a fast-growing startup, we provide a dynamic and supportive work environment where you can make a significant impact on our mission to revolutionize the MDR landscape.
Pay
Competitive salary based on experience and qualifications.
Schedule
Full-time position with flexible working hours to accommodate your needs.