Resumen del rol

Staff Security Operations Engineer

Requisitos y responsabilidades

Contenido del rol extraído en secciones para revisar más rápido.

As An Active Member Of Our Team, You Will…

  • Provide knowledge and experience in working with modern security principles e.g. SIEM, security data lakes, detection as code, EDR, zero trust networking, and other security tooling, as well as demonstrated experience with incident response and management.
  • Utilize a strong understanding of common attack frameworks (e.g., MITRE ATT&CK) and how to map detections to TTPs
  • Understanding of authentication and authorization schemes such as SAML, OpenID, OAuth2, and SCIM
  • Experience scripting/coding in at least one of the following languages: Python, NodeJS, Ruby, Bash
  • Be the go-to technical subject matter expert on security, compliance, and assurance topics
  • Communicate ideas to technical and non-technical audiences
  • Comfortable with ambiguity, have a strong analytical acumen, self-motivated, able to work cross-functionally
  • We are a remote-first company and work happens across many time-zones – you may be required to occasionally perform duties outside your standard working hours

If You’ve Got It - We Want It

  • Monitoring security events and alerting via our security tooling, including MSSP, SIEM, AI, and CSPM tooling, to identify and triage potential threats
  • Developing, implementing, and maintaining high-fidelity detection rules and alerts within SIEM and other security platforms (e.g., EDR, Cloud Security tools) based on threat intelligence, MITRE ATT&CK framework, and identified risks
  • Conducting continuous tuning and optimization of existing detection logic to reduce false positives and improve detection efficacy
  • Responding to issues identified by our Cribl employees
  • Acting as a security incident response lead, including leveraging and improving detection capabilities during investigations
  • Building, enhancing, and managing security playbooks, incorporating detection engineering best practices
  • Conducting security assessments of corporate assets through vulnerability testing, threat hunts, and purple team activities, with a focus on identifying detection gaps and opportunities
  • Performing both internal and external security reviews of corporate properties e.g., the corporate website and enterprise applications
  • Leading security incident response tabletop exercises
  • Continuing to evolve and champion the use of Cribl products in our security tech stack to enhance detection, analysis, and response capabilities
  • Collaborating with threat intelligence teams to integrate new indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) into detection strategies
  • Experience with SIEM platforms like Panther is a plus and its detection capabilities
  • Familiarity with Wiz and cloud native security tooling for detection in AWS, Azure, or GCP
  • Relevant certifications in cloud security or incident response (e.g., SANS GIAC certifications)
  • Proven experience in developing, deploying, and maintaining detection rules (e.g., Sigma, YARA, Splunk SPL, KQL) across various security platforms
Roles similares

Mantén una lista de respaldo.

Ver stack
FocoSecurity OperationsÁrea del rol
Señal de senioritySeniorNivel del candidato
StackAWS, Azure, GCPSkills principales
Ubicación1 país aceptadoElegibilidad

Stack

Usa estas tags para comparar roles remotos similares.

Elegibilidad de ubicación

Candidatos deberían aplicar solo cuando el país del perfil aparece aquí.

Tu perfilPaís no definidoInicia sesión para comparar tu país con este rol.

Flujo de contratación

WithMira muestra el rol y luego envía candidatos a la aplicación de la empresa.

1Revisa fit del rol, stack y elegibilidad de ubicación en WithMira.
2Abre la página de aplicación de la empresa desde el link rastreado.
3Guarda el rol o suscríbete a oportunidades similares antes de salir.
Aplicar en el sitio de la empresaSitio de la empresaAbrir link