Calendly is a company experiencing exciting product growth and is seeking a Security Operations Engineer to join their Security team. The role involves monitoring, detecting, and responding to cybersecurity threats, incident response, and enhancing threat detection capabilities.
Responsibilities:
- Collaborating with Security Operations Center (SOC) team members to monitor, detect, and respond to cybersecurity threats in a timely manner
- Responding to cybersecurity incidents from identification through resolution
- Developing and maintaining up-to-date knowledge of the threat landscape, as well as advancements in cybersecurity technologies and methodologies
- Identifying, configuring and onboarding security telemetry sources/logs in support of threat detection and incident response
- Collaborating with Engineering and SRE to identify and mitigate logging deficiencies
- Developing new detection scenarios and queries to broaden and deepen the team’s detection coverage
- Tuning and continuously improving existing detection queries to increase the signal-to-noise ratio and ensure our detections remain relevant and functional
- Executing and improving incident response protocols and procedures to swiftly and effectively manage security incidents
- Identifying, developing and maintaining automation solutions to increase the efficiency and effectiveness of the team
- Integrating various security and IT tools to enhance threat detection, incident response, and operational efficiency
- Conducting regular security assessments, threat hunts, and continuous monitoring to identify vulnerabilities, opportunities for posture enhancements and better incident preparedness
- Collaborating with Engineering, IT and other departments to support the implementation and evangelization of established cybersecurity best practices across the organization
- Leveraging JIRA for creating and managing dashboards, reports, and metrics that support cybersecurity operations and decision-making
Requirements:
- A minimum of 3 years of experience in cybersecurity, with at least 2 years dedicated to security operations, a SOC environment and enterprise security
- Demonstrated experience in incident response, including developing and implementing incident response playbooks and procedures, acting as incident commander on low severity incidents, and conducting post-incident analysis
- Experience with JIRA or similar tools for creating dashboards, managing reports, and automating workflows to support cybersecurity operations
- Proven track record in threat detection
- Strong knowledge in operating and configuring SIEM tools (e.g., Splunk, ELK) for real-time threat monitoring and analysis
- Solid understanding of security technologies such as EDR (Endpoint Detection and Response), firewalls, and vulnerability scanners
- Demonstrated track record of automating SOC processes, enhancing threat detection, or streamlining incident response using Python
- Proficient knowledge of threat actor behaviors, techniques and tools
- Experience investigating security events on macOS, Linux and Windows systems
- Experience investigating security events in cloud environments including AWS and/or GCP
- Authorized to work lawfully in the United States of America as Calendly does not engage in immigration sponsorship at this time
- Experience with automating deployment and administration of detection capabilities with detection-as-code and CI/CD
- Experience deploying and managing infrastructure using Terraform, CloudFormation or similar
- Experience developing detection capabilities for CI/CD environments