LiveRamp is a data collaboration platform known for its leadership in consumer privacy and data ethics. The Staff Security Engineer will set the technical direction for threat detection and response capabilities while leading the design and implementation of large-scale security automation frameworks across various environments.
Responsibilities:
- Set technical direction for threat detection and response capabilities across SIEM, cloud-native security platforms, and adjacent security tooling
- Lead threat-model–driven detection strategy, identifying high-risk attack paths and ensuring coverage across cloud, SaaS, endpoint, and identity domains
- Design and own large-scale security automation frameworks, including enrichment, triage, suppression, and response patterns used across the organization
- Architect and evolve scalable telemetry pipelines and logging infrastructure across multi-cloud environments using Infrastructure as Code (IaC)
- Serve as a senior escalation point during complex security incidents, driving deep technical analysis and guiding response strategy
- Identify systemic gaps in detection coverage, telemetry ingestion, and automation logic, and lead cross-team efforts to remediate them
- Own and maintain architectural standards, including reference architectures, data flow diagrams, and operating models for detection pipelines
- Influence and mentor engineers across security teams, raising the overall bar for detection engineering, automation, and cloud security practices
- Partner closely with infrastructure, platform, and application teams to ensure security is embedded into cloud design, IAM strategy, and network architecture
- Drive long-term improvements to cloud and infrastructure security posture through scalable detection, configuration standards, and automation
- Advance LiveRamp’s detection and response program at a strategic level, focusing on durable engineering patterns, automation frameworks, and infrastructure integration
- Design organization-wide automation approaches that materially reduce alert fatigue and improve response across Cloud, SaaS, Endpoint, and Identity tooling
- Continuously mature SIEM and cloud-native logging architectures, ensuring high-fidelity, cost-aware telemetry across corporate and production environments
- Define and implement scalable security controls that strengthen cloud and infrastructure security through detection, configuration, and automated enforcement
Requirements:
- Bachelor's degree in a relevant technical discipline (or equivalent practical experience)
- Proven experience designing and scaling security systems, not just implementing individual detections or automations
- Deep familiarity with security automation and orchestration platforms (SOAR), serverless technologies (e.g., Cloud Functions, Lambda), and API-driven integrations
- Strong cloud security expertise across AWS, GCP, and/or Azure, with hands-on experience applying cloud-native detection and automation patterns
- Advanced proficiency in Python or similar languages, with the ability to design maintainable tooling and debug complex distributed systems
- Strong understanding of network and infrastructure security concepts (IAM, segmentation, firewalls, proxies, IDS/IPS) and how they apply at scale
- Exceptional written and verbal communication skills, with a focus on technical clarity, design documentation, and decision-making artifacts
- Demonstrated ability to operate in ambiguity, influence without authority, and drive initiatives that span multiple teams
- Passion for security, curiosity about the threat landscape, and a mindset oriented toward building systems that scale
- Knowledge of insider threat or attacker infrastructure
- Experience in DLP technologies and development