Senior Security Engineer

### Who you are
- Minimum 7+ years in security with at least 5+ years deeply focused on detection engineering, incident response, or threat hunting in cloud-native environments and a track record of working in fast paced SaaS environments,moving organizations from reactive IR to threat-informed defense
- Bachelor’s or Master’s degree in Computer Science, Cyber Security, or a related field
- Hands-on proficiency in securing AWS/GCP/Azure + modern Identity Stack, including experience with Kubernetes security and Terraform/IaC
- Strong coding ability to build automations, security pipeline, detection as code etc
- Deep understanding of cloud IAM attack paths, token/session abuse, API threats, and data exfiltration patterns, CI/CD for detections
- Experience designing and operating telemetry pipelines (normalization, correlation, data quality, schema strategy)
- Strong incident response leadership for high-severity events in production environments
- Deep familiarity with threat intelligence frameworks (MITRE ATT&CK) and the ability to convert raw intel into actionable detection/prevention strategies
- Proven experience running incident response tests, breach and attack simulations (BAS), or red/blue team exercises
- Deep expertise in security tooling across SIEM, EDR, CNAPP, WAF, CASB, and Data Security platforms and judgment to know when to buy vs build
- The ability to translate complex technical threats into clear, actionable guidance for both technical peers and executive leadership
- Relevant certifications (nice-to-have): GCIA, GCIH, GCTI, CISSP, CCSP
- Contributions to open-source security projects or published research (nice-to have)

### What the job involves
- Sigma is seeking a Senior Security Engineer- Detection & Response (Threat-Informed Defense) to join our Security Engineering team
- You will act as the technical SME for threat Intelligence, detection and response, partnering across Security, Platform, Product, and Engineering to reduce risk and improve resilience at scale
- You will bridge the gap between Cyber Threat Intelligence (CTI) and actionable defense, shaping our security architecture to withstand modern adversary tactics before they manifest in our environment
- In this role you will not just administer the platforms
- You'll write production-grade code, engineer scalable detections, automate response, and develop proactive threat controls using deep knowledge of cloud, identity, application, and data attack paths
- Adversary Response Planning: Develop and maintain a comprehensive adversary response strategy, mapping organizational risks to specific threat actor TTPs (Tactics, Techniques, and Procedures)
- Cross-Functional Leadership: Act as a Subject Matter Expert to Infrastructure, Engineering, and security teams. Guide these partners in implementing proactive security controls, ensuring that security is "baked in" to the development lifecycle and corporate infrastructure
- Proactive Threat Modeling: Lead and build collaborative threat modeling sessions for new products and infrastructure, helping cloud platform, Engineering and IT identify and neutralize architectural weaknesses before deployment
- Continuous Detection Engineering: Build, tune, and constantly update a library of high-fidelity detections. You will ensure our alerting logic evolves in lockstep with new exploitation techniques and industry benchmarks
- Industry Alignment: Monitor the evolving security landscape (e.g., CISA advisories, new MITRE techniques) to ensure Sigma remains at the forefront of industry-standard security controls
- Resilience Testing & Training: Design and lead cross-functional Incident Response simulations and tabletop exercises. Use these sessions to educate non-security teams on their roles during a crisis and to identify gaps in our defense-in-depth strategy
- Advanced Incident Management: Lead the full lifecycle of high-severity security incidents, acting as the primary SME for containment and eradication while managing communication with executive leadership
- Automation & Orchestration: Architect SOAR workflows to ensure common adversary techniques are met with immediate, automated remediation, reducing the manual burden on IT and Ops

### Benefits
- Competitive pay: Competitive salaries aligned with market rates—because we value your experience and contributions.
- Flexible Schedule: Work in the way that suits you—Sigma supports flexibility in how and when you work best.
- Health, Dental & Vision Insurance: Comprehensive health, dental, and vision coverage for you and your dependents.
- 401(k) Plan: Plan for your future with our 401(k) offering.
- Bi-annual Hackathons: Make, create, innovate—hack alongside peers twice a year.
- Unlimited Time Off: Recharge when you need—no limits on vacation days.
- Health & Wellness: Support for your overall well-being. We offer Carrot Pro, Wellhub+, Rightway, and OneMedical.
- Parental Leave: Paid leave to welcome new family members.
- Unagi Scooters: Zip to work on us with Unagi scooter benefits provided for free!
- Daily Lunches, Office Snacks, Coffee: Good vibes and great taste—lunch provided daily through DoorDash, unlimited snacks, coffee, tea, Celsius, and more!
- Professional Development & Career Growth: Clear career progression paths and room to grow into leadership, Support for conferences, L&D, and career growth.
- Commuter benefits
- Lunch reimbursement
- Pension with 3% match