Staff Security Engineer, Detection and Response

The Staff Security Engineer, Detection and Response you will be responsible for the detection strategy, creation, tuning, validation, and correlation to ensure that we have effective detections in place against an ever-changing threat landscape. This role is hands-on, carrying the responsibility of running the day-to-day security operations tasks including management of SIEM, detection engineering platform and helping incident response. 

Reporting into the Director of Security Engineering, the ideal candidate will maintain and enhance a consistent and reliable operational security environment and take a proactive security monitoring approach.This role has high visibility and requires a technical individual who can partner with stakeholders and cross-functional teams (Engineering, Product, SRE, IT, Legal, etc) and has the ability to adapt in a dynamic security landscape. 

What You’ll Do:

• Responsible for building and expanding detection capabilities across a variety of platforms
• Responsible for security event monitoring, management and response, workflows and tasks
• Improve security monitoring and operational tasks by developing measurement capabilities and metrics to track and communicate performance, coverage and risk
• Evaluate existing SIEM rules, filters, events and use cases and adapt them to meet the business requirements
• Mature security operations; drive integration of new log sources, tools and services
• Create, maintain and manage a library of automated playbooks to address new threats and tactics employed by attacker
• Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives
• Build and maintain tools to proactively monitor and respond to emerging threats
• Assist the Security Incident Response Program with related matters resulting from security investigations
• Participate in key security initiatives as the Subject Matter Expert to ensure alignment with strategies and roadmap
• Develop standard operating procedures and other appropriate documentation to enforce quality and consistency of services being delivered
• Support ongoing security compliance, audit, and certification programs (e.g., PCI, HIPAA, SOC2)

What We’re Looking For:

• Bachelor's degree in Information Security, Computer Science, Computer Engineering, or equivalent work experience
• Minimum 7 years of consistent detection & response experience performing triage/incident response in enterprise SaaS environments
• Expert knowledge of the cyber threat landscape – able to articulate and incorporate into program understanding of major threat categories, motivations, and intent of adversaries against enterprise assets
• Experience in at least one programming language, Python, Go, C, C++. Alternatively deep expertise using low-code automation tools or SOAR platforms is a plus.
• Experienced in driving monitoring and automation in cloud environments, preferably knowledge of AWS.
• Strong understanding of advanced persistent threats, attacker methodologies, attack lifecycle, cyber kill chain, and the MITRE framework.
• Understanding of digital forensics techniques and closely related areas.
• Exceptional collaboration skills and communication skills, with the ability to engage with partners and stakeholders with a variety of perspectives and technical understanding
• GIAC security certification such as GCIA, GCIH, GREM, GPEN (or equivalent), multiple preferred
  SaaS / FinTech / anti-fraud experience a plus
• Automation first mindset