Security Operations Engineer

Role: Security Operations Engineer Location: SF hybrid, 4 days a week onsite 1 day remote - 94111 Duration: 3 - 6 CTH Ideal Candidate Profile Someone with an open mindset, adaptability, and a strong appetite for learning and growth. Must be comfortable working in an environment where tools and technologies are evolving - they're actively evaluating multiple security platforms and want someone who embraces that variety. Experience building or helping build a security operations function is highly valuable - especially candidates who have been early hires on a SecOps, IR, or SOC team. Needs to be highly execution-oriented: able to receive a project or objective and implement independently with minimal oversight. Key Expectations Hands-on ownership of SecOps tasks, including tuning detections, automation, IR workflows, and tool configuration. Operate comfortably in a fast-moving, cloud-first engineering environment. Contribute to shaping processes, maturing tooling, and supporting the newly forming SOC structure. Role Description We are seeking a Security Operations Engineer to help safeguard and scale the security of our cloud-first environment. In this role, you'll enhance detection and response capabilities, strengthen identity and access controls, and improve the systems and processes that keep our infrastructure resilient. You'll work closely with engineering, IT, and infrastructure teams to embed security best practices into everything we build. This role is ideal for a hands-on security professional who thrives in fast-moving environments and enjoys improving visibility, automation, and operational readiness. Responsibilities Lead and support security incident response, including triage, investigation, containment, and post-incident reviews. Analyze and tune EDR, SIEM, and network telemetry alerts to separate false positives from real threats. Configure and optimize detection tools, including correlation rules, detection logic, and response playbooks. Implement and maintain identity and access controls, ensuring least-privilege and conditional access standards. Automate recurring SecOps workflows through scripting and integrations across monitoring and response tools. Required Skills 3-5 years in security operations, incident response, or SOC environments. Strong understanding of threat detection, investigation, and response workflows. Hands-on experience tuning EDR and SIEM platforms for effective coverage and alerting. Ability to write detection or hunting queries (e.g., KQL, SPL, SQL-like languages). Familiarity with IAM principles, cloud security basics, and at least one scripting language (Python, PowerShell, etc.). Bonus Skills Experience with SOAR platforms or custom security automation. Familiarity with cloud security posture management (CSPM) or cloud-native threat detection tools. Ability to use threat intelligence to refine detections and response playbooks. Understanding of frameworks like MITRE ATT&CK, NIST, CIS, or ISO 27001.

Created: 2026-03-10