Sandisk is a leading company in the computer hardware industry, known for its innovative solutions in data consumption. They are seeking a highly experienced Senior Security Engineer to design and improve the security tooling ecosystem for their Security Operations Center (SOC), focusing on the reliability and effectiveness of SOC platforms.
Responsibilities:
- Engineer, deploy, and maintain all core SOC platforms, including:
  - Malware analysis and sandboxing solutions
  - Analyst workstation environments (Windows investigation VMs)
  - Endpoint Detection & Response (EDR/XDR)
  - Email Security Engineering
  - Vulnerability Scan Engineering
- Act as technical owner for SOC platforms, including alignment with architecture requirements, lifecycle management, upgrades, and decommissioning
- Ensure SOC platforms are engineered for scale, reliability, performance, and forensic integrity
- Partner with IT and platform teams to resolve dependency, access, and infrastructure issues impacting SOC operations
- Own EDR platform engineering, configuration, and operational health across the enterprise
- Define and enforce EDR hygiene standards (sensor coverage, policy consistency, versioning, asset attribution)
- Monitor EDR health metrics and proactively remediate gaps impacting detection or response efficacy
- Develop testing frameworks to validate EDR detections, policies, and response actions
- Serve as a technical owner of detection engineering, enabling high-fidelity detections through better tooling, telemetry, and data quality
- Validate that endpoint, sandbox, and supporting tooling generate the telemetry required to support detection logic and investigations
- Collaborate on detection validation, tuning, and testing pipelines
- Translate emerging threats and attacker techniques into tooling and telemetry requirements
- Engineer and maintain malware detonation and analysis environments that support safe, repeatable analysis
- Support SOC and IR teams with tooling for static and dynamic malware analysis
- Improve sandbox fidelity to better represent enterprise environments and common attacker tradecraft
- Assess new attacker techniques, malware families, and evasion tactics for detection and prevention opportunities across the enterprise
- Identify gaps where tooling or configurations do not adequately surface malicious behavior
- Evaluate new security tools and capabilities to address detection, analysis, or response gaps
- Provide engineering-backed recommendations grounded in operational SOC realities
- Automate routine SOC operations including health checks, validation, deployments, and reporting
- Develop scripts and tooling (PowerShell, Python, etc.) to reduce manual overhead and analyst toil
- Improve reliability through monitoring, alerting, and failure-mode testing of SOC platforms
- Author and maintain engineering documentation for SOC platforms, architectures, and configurations
- Define technical standards and guardrails for SOC platform usage and integrations
- Support audits, tabletop exercises, and incident reviews from a tooling and telemetry perspective
Requirements:
- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or equivalent practical experience
- 5–10+ years of experience in security engineering, detection engineering, or advanced SOC technical roles
- Demonstrated experience supporting SOC operations through engineering and platform ownership
- Deep hands-on experience with EDR/XDR platforms (e.g., CrowdStrike, Defender, SentinelOne)
- Experience engineering SOC platforms rather than only consuming alerts (platform ownership mindset)
- Strong understanding of Windows internals, Linux operating systems, and server infrastructure, including endpoint and host-level telemetry, process execution, persistence mechanisms, and administrative activity across workstation and server environments
- Experience supporting malware analysis and sandboxing environments
- Familiarity with SOC workflows, detection pipelines, and incident response requirements
- Strong scripting and automation skills (PowerShell, Python)
- Solid grasp of attacker TTPs mapped to the MITRE ATT&CK framework
- Experience integrating SOC platforms with SIEM, SOAR, or case management platforms
- Exposure to vulnerability management and scanning platforms
- Experience designing detection validation or purple-team style testing
- Relevant certifications (GIAC, GREM, GCED, GCIA, OSCP) preferred but not required