Staff Security Engineer, Enterprise Security Operations
About the role
Aurora is seeking a Staff Security Engineer, Enterprise Security Operations to join our Enterprise Security Engineering team. This role is open to Aurora offices in Mountain View, San Francisco, Seattle, Pittsburgh, Dallas, Detroit, and Phoenix.
Responsibilities
Own the operational health, configuration, and continuous improvement of Aurora's enterprise security platform stack — including EDR/XDR, MDM, SIEM, DLP, IAM/IGA, DNS security, Email security, and PKI — ensuring each tool is tuned, policy-complete, and delivering reliable signal.
Develop and refine detection rules, correlation logic, and alert policies, reducing noise while ensuring Aurora maintains high-fidelity coverage against real threats.
Conduct proactive threat hunting across Aurora's security telemetry — forming hypotheses, querying logs, and investigating anomalies before they surface as incidents.
Serve as the deepest internal expert on Aurora's enterprise security tooling, acting as the escalation point for complex platform issues, misconfigurations, and detection failures.
Participate in the team's on-call rotation, leading deep-dive investigations into security alerts and incidents and driving triage, containment, and root cause analysis.
Maintain operational runbooks, detection documentation, and platform configuration records, ensuring the team can operate consistently and scale institutional knowledge.
Requirements
12+ years of hands-on experience in enterprise security operations, security platform administration, or a senior SOC engineering role — with a career built on deep operational ownership of security tooling rather than software development.
Expert-level proficiency administering and operating at least two enterprise security platforms (e.g., CrowdStrike, SentinelOne, Splunk, Panther, Sentinel, Jamf, Kandji/Iru, Puppet, WorkspaceONE, Intune, Zscaler, Okta, Proofpoint, Wiz, osquery), with strong working knowledge across several others.
Demonstrated ability to tune and optimize security platforms beyond out-of-the-box configurations — writing custom detection logic, adjusting policy sets, and validating control effectiveness.
Strong log analysis and threat hunting skills: you know how to build a hypothesis, write the query, follow the thread, and know when to escalate.
Experience conducting thorough incident investigations — triage, containment, root cause analysis, and post-incident review — and communicating findings clearly to technical and non-technical stakeholders.
Ability to assess security control effectiveness: not just "is this tool deployed" but "is it configured correctly, covering the right scope, and generating actionable signal."
Comfort working under pressure in ambiguous, fast-moving situations with competing priorities.
Qualifications
Required Qualifications:
Expert-level proficiency administering and operating at least two enterprise security platforms (e.g., CrowdStrike, SentinelOne, Splunk, Panther, Sentinel, Jamf, Kandji/Iru, Puppet, WorkspaceONE, Intune, Zscaler, Okta, Proofpoint, Wiz, osquery).
Demonstrated ability to tune and optimize security platforms beyond out-of-the-box configurations — writing custom detection logic, adjusting policy sets, and validating control effectiveness.
Strong log analysis and threat hunting skills: you know how to build a hypothesis, write the query, follow the thread, and know when to escalate.
Experience conducting thorough incident investigations — triage, containment, root cause analysis, and post-incident review — and communicating findings clearly to technical and non-technical stakeholders.
Ability to assess security control effectiveness: not just "is this tool deployed" but "is it configured correctly, covering the right scope, and generating actionable signal."
Comfort working under pressure in ambiguous, fast-moving situations with competing priorities.
Desirable Qualifications:
Scripting ability for automation, log parsing, or workflow improvement (Python, Bash, or similar) — you don't need to be a software engineer, but you can write a script when it saves you an hour.
Deep familiarity with MITRE ATT&CK as an operational tool for detection gap analysis and threat hunting hypothesis development.
Experience with AWS security telemetry (CloudTrail, GuardDuty, Security Hub) and integrating cloud signals into a corporate SIEM.
Familiarity with Zero Trust and identity-centric security models as they apply to policy enforcement in IAM and endpoint platforms.
Platform-specific certifications such as CrowdStrike Certified Falcon Administrator, Splunk Core Certified Power User, or equivalent — or practitioner certifications like GCIH, GCIA, GCFE, or GCFA.
Benefits
The base salary range for this position is $171,000 - $273,000 per Year. Aurora’s pay ranges are determined by role, level, and location. Within the range, the successful candidate’s starting base pay will be determined based on factors including job-related skills, experience, qualifications, relevant education or training, and market conditions. These ranges may be modified in the future.
Pay
The base salary range for this position is $171,000 - $273,000 per Year.
Schedule
Aurora operates in a hybrid work environment where Aurorans are in office at least 3 days per week.