Lightspeed is a data security company that aims to empower businesses with innovative solutions. It is seeking a Security Engineer to strengthen its security operations through automation, cloud security, and detection engineering, while actively participating in a modern Security Operations Center (SOC).
Responsibilities:
- Security Engineering: Build, maintain, and improve security workflows, integrations, detection processes, and operational tooling within an agentic SOC
- Agentic SOC Operations: Work with automation, AI-assisted workflows, and agent-based capabilities that support alert triage, investigation, enrichment, and response
- SIEM Log Flow Development: Help design, configure, maintain, and troubleshoot log ingestion flows into the SIEM from AWS, applications, infrastructure, endpoint tools, and security platforms
- Detection Engineering: Create, tune, and maintain detection rules, alert logic, dashboards, playbooks, and investigation workflows
- Python Automation: Develop Python scripts and automations for alert enrichment, data processing, reporting, workflow improvement, and security operations support
- Cloud Security Monitoring: Support cloud security logging, monitoring, IAM reviews, and cloud detection use cases
- SOC Operations: Review, analyze, and correlate security alerts and logs to identify suspicious activity and support investigations
- Incident Response Support: Assist with security event investigations, escalation, containment, remediation, and post-incident improvements
- Process Improvement: Help improve SOC processes, playbooks, detection coverage, documentation, and response workflows
- Cross-Functional Collaboration: Partner with security, cloud, IT, and engineering teams to improve visibility, reduce risk, and strengthen security operations
Requirements:
- 2–3 years of experience in cybersecurity, SOC operations, security engineering, cloud security, detection engineering, or incident response
- Working knowledge of AWS services, cloud security fundamentals, logging, monitoring, IAM, and basic cloud architecture
- An entry-level AWS certification, such as AWS Certified Cloud Practitioner, is required at minimum; AWS Certified Solutions Architect – Associate or AWS Certified Security – Specialty is a plus
- Hands-on proficiency with Python for scripting, automation, data processing, security tooling, or workflow development
- Experience working with SIEM platforms, including log ingestion, parsing, alerting, dashboards, and detection logic
- Experience building, maintaining, or troubleshooting log flows from applications, infrastructure, AWS services, endpoint tools, or security platforms into a SIEM
- Strong understanding of SOC workflows, alert triage, investigation, escalation, and incident response processes
- Ability to help develop, tune, and improve detections based on logs, threat behavior, and operational needs
- Familiarity with agentic concepts, agentic frameworks, AI-assisted workflows, autonomous or semi-autonomous agents, and practical security operations use cases
- Hands-on exposure to LLMs, AI agents, agentic workflows, or AI-assisted security operations
- Experience with Sigma, SPL, KQL, SQL, YARA, or similar detection/query languages
- Familiarity with Terraform, CloudFormation, CDK, or similar tools