Be the technical owner of the architecture, selection and continuous improvement of security operations platforms (SIEM/SOAR, EDR, CSPM, cloud workload protection, container security, email security gateway and UEBA) across hybrid-cloud environments.
Define platform integration strategy, data pipeline design and the operational standards that govern how security tooling is deployed and maintained at enterprise scale.
Design and lead the implementation of security automation and orchestration capabilities that reduce manual effort, accelerate detection and response, and scale the effectiveness of the security operations program through automated ticketing and findings resolution.
Partner with Enterprise Security Architects, IT, engineering and cross-functional business stakeholders to ensure security operations requirements are embedded in platform, application and infrastructure decisions.
Lead vendor evaluation and technology selection for security operations tooling while providing risk, cost and capability trade-off analysis.
Mentor security engineers and analysts through architecture reviews, structured guidance and hands-on collaboration.
Provide direct technical guidance to Security Operations leadership to inform strategy, roadmap and investment priorities.
Continuously analyze security systems and identify improvements, through automation or other means.
Requirements
10+ years of experience in information technology, with hands-on experience in security operations and security platform engineering in enterprise hybrid-cloud environments preferred
3-5 years of experience in security engineering; demonstrated experience architecting security solutions in hybrid public/private cloud environments preferred
Proven ability to communicate complex security concepts to a wide range of audiences including engineers, executives and cross-functional business stakeholders
Demonstrated experience mentoring security engineers and analysts to develop technical depth and security maturity through coaching, architecture reviews and hands-on knowledge transfer
The ability to provide direct technical guidance to Security Operations leadership and translate findings into clear strategic recommendations
Deep expertise in security operations platform architecture, including SIEM/SOAR, EDR, container security, email security gateways, ZTNA, NGFW and UEBA
Hands-on experience designing, implementing and optimizing detection and response capabilities at enterprise scale
Hands-on experience developing and maintaining detection content (SIEM use cases, correlation rules and alert tuning) aligned to adversary TTPs and the organization's threat model
Hands-on experience designing and managing log ingestion pipelines, data source onboarding and log lifecycle strategy in support of detection and compliance requirements
A working knowledge of vulnerability management platforms, attack surface management and penetration testing tooling
A working knowledge of privileged access management (PAM) and identity threat detection and response (ITDR)
Demonstrated experience architecting security controls across hybrid-cloud environments
Hands-on experience with CSPM, cloud workload protection, cloud-native security services, cloud identity security, security-as-code practices and cloud compliance frameworks
Demonstrated experience in security automation and orchestration, including SOAR playbook development, REST API integrations and scripting (Python, Ruby and/or C#)
Ability to design enterprise-grade security automation that reduces analyst toil, accelerates detection and response, and scales the security operations program through automated ticketing and findings resolution
Advanced understanding of adversary tactics, techniques and procedures (TTPs) and ability to operationalize threat intelligence into detection and response
A working knowledge of the MITRE ATT&CK framework and its application to detection engineering and security architecture decisions
Hands-on experience designing or maturing threat hunting capabilities, including the development of hunting hypotheses, structured hunt methodologies and translation of hunt findings into detection content
Incident response experience, including hands-on incident management, is preferred
Experience monitoring the shifting threat landscape and emerging technology trends, and translating business requirements and findings into sustainable, integrated security architecture and actionable recommendations for Security Operations leadership
Experience developing multi-year security operations technology roadmaps and leading vendor evaluation and selection
A working knowledge of enterprise security frameworks including NIST CSF, ISO 27001 and PCI DSS
Familiarity with enterprise architecture methodologies (TOGAF or equivalent)
Experience with AI/ML-driven security capabilities and their operational security implications
Familiarity with emerging security domains including AI Security Posture Management (AISPM) and supply chain security
The ability to read, write, speak, and understand the English language in a business environment.