Key skills
Workflow automationInternal toolingOperational infrastructurePythonAPI integrationsSecurity Information and Event Management (SIEM)Ticketing systemsAlerting platformsDashboard buildingReporting toolingTechnical translationAIBILeadership
About this role
Huntress is a remote-first cybersecurity company founded by former NSA cyber operators, dedicated to providing enterprise-grade security solutions to businesses of all sizes. The Principal Security Operations and Enablement Engineer will be responsible for bridging the gap between security operations needs and core platform capabilities, focusing on building workflows, automations, and tooling to enhance detection and response capabilities.
Responsibilities:
- Own and evolve the SO&E technical strategy, including how the function identifies, prioritizes, and delivers against operational gaps that the core platform does not address
- Serve as the primary technical translator for requirements surfaced by SOC and Support Operations Managers, turning operational pain points into scoped, buildable solutions against a prioritized backlog
- Partner with the Director to translate Product and operational priorities into scoped technical requirements, ensuring SO&E delivery is sequenced against the gaps that matter most to the business
- Translate operational requirements into precise technical solutions including workflow automations, API integrations, internal tooling, and custom dashboards — and establish the standards others build to as the function scales
- Build and maintain reporting and dashboard infrastructure that gives operators and leadership meaningful visibility into security performance and workflow health
- Identify and drive toil reduction across SOC and Support workflows through automation, tooling improvements, and smarter use of existing capabilities including AI where appropriate
- Evaluate new platforms and technologies against backlog needs, with a bias toward solutions that keep the team tool-agnostic and avoid unnecessary dependency
- Establish and document technical standards across the build lifecycle that support long-term scalability and create a foundation for the function to grow on
Requirements:
- 5+ years building workflow automations, internal tooling, or operational infrastructure in a technical environment, ideally within security or a similarly complex domain
- Demonstrated ability to operate across organizational functions — translating operational pain from non-technical stakeholders into precise, scoped technical requirements without significant back-and-forth
- Proficiency in Python or similar scripting languages, with the ability to write clean, maintainable code that establishes patterns others can build on
- Experience building and maintaining API integrations to connect tools and systems that don't talk to each other out of the box
- Familiarity with security operations tooling including SIEMs, ticketing systems, and alerting platforms, sufficient to understand how analysts work and where automation creates real leverage
- Experience building dashboards and reporting tooling sufficient to create meaningful operational visibility without relying on a dedicated BI team
- Comfort operating in an ambiguous, fast-moving environment where the function is still being defined — able to set technical direction without a fully established playbook