Key skills
CloudKubernetesLinuxPythonBashSaaSCommunication
About this role
Role Overview
- Own the relationship with our managed SOC, including alert quality, escalation workflows, SLAs, runbooks, and continuous improvement of detection coverage and response effectiveness. Assist with triage, investigations, and respond to security alerts across endpoints, identity, cloud, network, and application logs.
- Operate and maintain our SIEM, including log onboarding, parsing, normalization, correlation rules, alert tuning, and lifecycle management to reduce noise and increase signal.
- Ensure critical systems generate the right security telemetry, filling gaps across endpoints, identity providers, network devices, SaaS tools, and cloud platforms.
- Continuously refine detection logic based on threat intelligence, SOC feedback, incident learnings, and emerging attack techniques.
- Assist with security incidents, working with IT, Engineering, and external partners to contain, eradicate, and recover from incidents.
- Develop, maintain, and continuously improve incident response playbooks, escalation paths, and communication procedures.
- Track and report on key security operations metrics such as alert volumes, false positive rates, mean time to detect (MTTD), mean time to respond (MTTR), and SOC performance.
- Act as the security liaison to the IT Helpdesk, ensuring security-related tickets are properly triaged, prioritized, and resolved without slowing down business operations.
- Provide guidance and context to IT teams on security alerts, risks, and required actions, helping raise the overall security maturity of frontline support teams.
Requirements
- 3+ years of experience in Security Operations roles
- Hands-on experience operating and tuning a SIEM (on-prem or cloud-based)
- Hands-on experience maintaining Kubernetes clusters
- Working with Linux
- Scripting or automation experience (Python, Bash) for security operations tasks
- Experience working with a third-party SOC or MSSP
- Strong incident response and alert investigation skills across identity, endpoint, network, and cloud environments
- Understanding of common attacker techniques and detection methodologies
- Experience working closely with IT/helpdesk teams and translating security requirements into operational workflows
- Familiarity with endpoint security, identity monitoring, and log-based detections
- Strong written and verbal communication skills, especially during incidents
- Comfortable working cross-functionally and handling escalations calmly and decisively
Tech Stack
- Cloud
- Kubernetes
- Linux
- Python
Benefits
- Health Benefits
- Competitive Salary & Stock Options
- New Hire Home-Office Setup: One-time USD $500
- Monthly Stipend: USD $150 per month via a Brex Card