UiPath is a company dedicated to transforming the world through automation. They are seeking a Security Operations Engineer I to focus on threat management and incident response, working under the guidance of senior engineers to investigate security incidents and contribute to security improvements.
Responsibilities:
- Triage and investigate incidents across SIEM, EDR, network, identity, and cloud telemetry; support containment, eradication, and incident communications under senior guidance
- Contribute to root cause analysis and close the loop with Threat Intelligence and Detection Engineering to produce durable detections, controls, or playbook updates
- Participate in proactive threat hunting across enterprise and cloud telemetry under the direction of senior analysts
- Help maintain IR playbooks and runbooks and participate in drills and tabletop exercises
- Recommend and help tune the detection and response tooling stack (SIEM, EDR, SOAR, case management) in both environments
- Actively seek mentorship from senior IR engineers and grow toward independent ownership of incidents over time
- FedRAMP - Follow strict procedures and requirements, including but not limited to the authorized IR Plan, NIST 800-53 IR controls, CISA notifications, chain of custody, data classification handling, and event classification and reporting requirements
Requirements:
- Minimum 1 year of experience in a Security Operations role (SOC analyst, junior incident responder, detection engineer, or equivalent), internship, or relevant academic/lab work
- Hands-on exposure to at least one major SIEM (Sentinel, Splunk, Chronicle, Elastic) and at least one EDR (Defender XDR, CrowdStrike, SentinelOne)
- Developing ability to write and run KQL queries (or willingness to ramp quickly)
- Practical experience using coding agents and/or LLM tooling, with judgment about when to validate or escalate
- US citizen or US lawful permanent resident (green card holder)
- Able to work from our Bellevue, WA office a minimum of 3 days per week
- Ability to successfully complete a background investigation appropriate to a FedRAMP Moderate environment
- Familiarity with NIST SP 800-53 and NIST SP 800-61 concepts (or commitment to develop working knowledge within the first 90 days) to support work inside the FedRAMP boundary
- Awareness of FedRAMP Moderate, authorization boundary concepts, and federal incident reporting expectations - or eagerness to learn them quickly
- Exposure to incidents in cloud environments (Azure / AWS / GCP) and SaaS platforms
- Exposure to detection-as-code or SOAR-as-code workflows
- Familiarity with digital forensics tooling (Velociraptor, KAPE, Volatility) or malware triage concepts
- Entry-to-mid certifications such as Security+, CySA+, SC-200, AZ-500, GSEC, GCIH, or equivalent
- Bachelor's degree in Computer Science, Information Security, or related field - or equivalent practical experience
- Prior exposure to a FedRAMP, IL4/IL5, StateRAMP, CMMC, CJIS, or IRS Pub. 1075 environment in any capacity (intern, junior analyst, audit support)
- Exposure to Azure Government, AWS GovCloud (US), or Google Cloud Assured Workloads
- Awareness of 3PAO assessment activities, ConMon, POA&Ms, and SSPs
- Active or recently active US government clearance (e.g., Public Trust, Secret) is a plus but not required