Senior Security Engineer
### Who you are
- We are seeking an experienced Security Engineer to join our internal security team who thrives in a fast-paced environment. You have a passion for innovation, solid design principles, and high-quality development
- You bring strong infrastructure and detection engineering fundamentals, a security-first mindset, and a deep understanding of cloud and networking concepts
- At least 5 years of professional experience in a DevOps, Security Engineering, or Detection Engineering role maintaining relevant production infrastructure
- Strong working knowledge of AWS services such as EC2, ECS or EKS, Lambda, ELBs, Transit Gateway, VPC, CloudWatch, S3, Code/Build/Pipeline/Deploy, etc
- Strong working knowledge of Terraform or similar tools, AWS CLI/SDK, Boto
- Extensive experience with SIEM content engineering, data transformation, and log onboarding
- Proficiency with scripting languages such as Python, Bash, etc
- Proficiency integrating systems via API and their respective authentication mechanisms
- Strong understanding of networking fundamentals and troubleshooting techniques for bare metal and containerized workloads
- Experience with best practice build pipelines, including Git/GitHub
- Experience with EDR tools, such as CrowdStrike Falcon and SentinelOne
- Experience with SOAR playbook building and automation, such as Tracecat and Chronicle SecOps
- Experience with Cribl Stream
- Familiarity with Cloud Security Posture Management, such as CrowdStrike and Wiz
### What the job involves
- Infrastructure Design and Maintenance:
  - Design, improve, and maintain secure, durable, and performant infrastructure to power applications, security tooling, log collection, and data mining/ETL workflows
  - Evolve log collection, processing, and storage infrastructure enabling security monitoring and investigations
  - Support multi-account and multi-region AWS networking architectures with security-first principles
- Detection Engineering and Automation:
  - Develop and maintain Splunk detection content aligned to the relevant frameworks and evolving threat intelligence
  - Administer the Splunk Cloud platform, including search health, log health, and app, platform, and content updates
  - Design and implement SOAR playbooks to automate investigation and response workflows
  - Integrate infrastructure security tooling and automation to enhance detection, prevention, and response capabilities
  - Build and maintain detection-as-code and automated deployment pipelines to ensure consistency, repeatability, and auditability
  - Continuously refine detection logic to reduce false positives and increase signal quality
- Security and Compliance:
  - Implement and operate security technologies across the enterprise, such as an endpoint security platform
  - Support incident response and investigation escalations
  - Proactively meet standards for information security and compliance, such as SOC 2/ISO27001
  - Implement and uphold security measures across all infrastructure components
  - Work cross-functionally with Product, IT, DevOps, and Engineering teams to drive secure-by-default practices
- Technical Leadership:
  - Drive architectural and design decisions for SpyCloud’s detection program and platforms
  - Mentor junior engineers and establish best practices across infrastructure and detection engineering domains
### Benefits
- Health benefits: From medical to dental, we’ve got you covered.
- Work/life balance: We offer generous PTO and a remote-friendly culture.
- Compensation: Our talented employees enjoy competitive salaries and equity.
- 401k matching: Investing in the future of our employees is a no-brainer.
- SpyCares: We’re only as strong as the communities we’re a part of and giving back is in our DNA.