Software Engineer - SOC
Poshmark · California, United States · 1 mo ago
HybridEngineeringFull-time
Responsibilities
- Maintain, analyze, and triage security events and alerts across distributed systems to identify potential incidents and anomalous behavior.
- Lead end-to-end incident response, including investigation, containment, eradication, and recovery, with an emphasis on scalable and repeatable processes.
- Perform deep-dive root cause analysis of sophisticated attacks spanning infrastructure, network, and application layers, including code-level vulnerabilities.
- Design, build, and maintain automation frameworks to improve detection and response efficiency (e.g., auto-remediation, alert enrichment pipelines).
- Create and continuously improve incident response playbooks as modular, reusable, and programmatic workflows.
- Fine-tune alerting systems to reduce noise and false positives through data analysis, feedback loops, and algorithmic improvements.
- Collaborate closely with SRE, DevOps, IT and engineering teams to remediate vulnerabilities and improve system security and reliability.
- Engineer and enhance SIEM capabilities, including log ingestion pipelines, normalization, correlation rules, and integrations.
- Implement and scale security monitoring solutions across cloud-native and distributed environments.
- Conduct proactive threat hunting using data-driven and hypothesis-based approaches.
- Enrich and correlate telemetry using IOCs, threat intelligence feeds, and custom-built data pipelines.
- Contribute to SOC tooling and internal platforms by writing clean, maintainable, and efficient code.
- Participate in architecture and design discussions to embed security into systems from the ground up.
- Drive and contribute to broader security engineering and SOC modernization projects.
Requirements
- 2–4 years of experience in information security, security engineering, or a related field.
- Hands-on experience with SIEM platforms, EDR tools, IDS/IPS, firewalls, and vulnerability management systems.
- Experience with incident response and security investigations.
- Strong understanding of cloud environments (AWS, GCP, or Azure) and associated security considerations.
- Proficiency in at least one programming or scripting language (e.g., Python, Bash, or Go) with the ability to build automation and tooling.
- Understanding of software engineering fundamentals (data structures, APIs, version control, testing).
Qualifications
- Minimum qualifications: Hands-on experience with SIEM platforms, EDR tools, IDS/IPS, firewalls, and vulnerability management systems; proficiency in at least one programming or scripting language; understanding of software engineering fundamentals.
- Preferred qualifications: Experience in Incident Response, Malware Analysis, and Threat Hunting; background in SOC, or SecDevOps practices; experience building or maintaining internal security tools or platforms; knowledge of distributed systems and observability; familiarity with CI/CD pipelines and infrastructure-as-code; relevant certifications (e.g., GCIA or similar).