Key skills
Security operations experienceThreat detection workflowsEDRSIEM tuningDetection query writingIAM principlesCloud security basicsScripting languageSOAR platformsCloud security posture managementThreat intelligenceMITRE ATT&CK frameworkNIST frameworkCIS frameworkISO 27001PythonSQLPowerShellIAMCloud Security
About this role
Gridware is a San Francisco-based technology company dedicated to protecting and enhancing the electrical grid. They are seeking a Security Operations Engineer to help safeguard and scale the security of their cloud-first environment by enhancing detection and response capabilities and strengthening identity and access controls.
Responsibilities:
- Lead and support security incident response, including triage, investigation, containment, and post-incident reviews
- Analyze and tune EDR, SIEM, and network telemetry alerts to separate false positives from real threats
- Configure and optimize detection tools, including correlation rules, detection logic, and response playbooks
- Implement and maintain identity and access controls, ensuring least-privilege and conditional access standards
- Automate recurring SecOps workflows through scripting and integrations across monitoring and response tools
Requirements:
- 3–5 years in security operations, incident response, or SOC environments
- Strong understanding of threat detection, investigation, and response workflows
- Hands-on experience tuning EDR and SIEM platforms for effective coverage and alerting
- Ability to write detection or hunting queries (e.g., KQL, SPL, SQL-like languages)
- Familiarity with IAM principles, cloud security basics, and at least one scripting language (Python, PowerShell, etc.)
- Experience with SOAR platforms or custom security automation
- Familiarity with cloud security posture management (CSPM) or cloud-native threat detection tools
- Ability to use threat intelligence to refine detections and response playbooks
- Understanding of frameworks like MITRE ATT&CK, NIST, CIS, or ISO 27001