Key skills
AWSCloudPythonBashBISaaSMentoring
About this role
Role Overview
- Design, implement, and tune high-fidelity detections across cloud, endpoint, SaaS, identity, and application environments
- Build and optimize queries, alerts, and correlation logic within our SIEM and EDR platforms
- Participate in SOC on-call rotation and serve as escalation point for high-severity incidents
- Lead complex investigations across endpoint, cloud, SaaS, and identity environments
- Triage and validate high-impact alerts, ensuring consistent investigative rigor and documentation
- Conduct proactive threat hunting to identify gaps in detection coverage
- Drive continuous improvement of playbooks, runbooks, and case management standards
- Build custom security tooling to improve alert enrichment, investigation, and response
- Develop integrations between security tools and internal systems via APIs
- Automate repetitive investigative workflows and containment actions
- Improve signal quality and reduce false positives across the stack
- Contribute to guardrails and enforcement mechanisms across cloud and SaaS environments
- Serve as the technical escalation point for high-severity incidents
- Lead complex investigations and root cause analysis
- Improve and mature incident response playbooks and processes
- Conduct post-incident analysis and drive systemic improvements
- Raise the technical bar within the SOC through mentorship and code/detection review
- Establish standards for detection quality and investigation rigor
- Partner closely with AppSec, Infrastructure Security, IT, and Engineering
- Help shape the SOC and detection engineering roadmap
Requirements
- 5–7+ years of experience in security engineering, detection engineering, or security operations
- Strong experience with SIEM platforms
- Experience with EDR platforms
- Strong scripting skills (Python, Bash, or similar)
- Experience working in AWS or similar cloud environments
- Experience leading complex incident investigations
- Experience building internal security tools (Preferred)
- Detection-as-code or infrastructure-as-code experience (Preferred)
- Experience integrating tools via APIs (Preferred)
- Experience mentoring junior analysts or engineers (Preferred)
- Familiarity with SaaS security and identity-based attack patterns (Preferred)
Tech Stack
- AWS
- Cloud
- Python
Benefits
- Open and transparent culture
- Life insurance, long and short-term disability coverage
- Paid maternity and paternity leave
- Fertility Benefits
- Generous vacation time, plus three 4-day summer holiday weekends
- Excellent medical, dental, and vision benefits
- 401k Plan with company matching
- Bi-annual swag drops with cool Podium gear and apparel
- A stellar HQ (Utah) gym with local professional coaches and classes offered
- Onsite HQ (Utah) child care center, subsidized for employees