Logo for Vultr

Senior CSIRT Engineer

Role overview

Qualifications

  • Minimum of 5 years experience in detection engineering, SIEM engineering, SOAR engineering, Security Operations, or a closely related role
  • Hands-on SIEM experience at an engineering level: rule authoring, parser development, log source integration, platform administration
  • Experience building SOAR workflows and automated response playbooks
  • Experience with EDR platforms, including policy configuration, telemetry analysis, and live response

Responsibilities

  • Engineer, tune, and maintain detection rules and analytics in the SIEM and EDR platforms
  • Administer SIEM platform health, parser configuration, log source onboarding, and data pipeline optimization
  • Design and build SOAR playbooks and automated response workflows to streamline triage, enrichment, and containment
  • Develop and maintain integrations between security tools (SIEM, EDR, SOAR, SEG, TIP, DLP, ticketing)

Key facts

Other skills

  • Communication
  • Teamwork
  • Problem Solving

About the company

Vultr logo

Vultr

Vultr is an ultra-reliable cloud platform that is within close proximity to the world’s developers. We’ve perfected the art and science of cloud infrastructure with our wide array of cloud, bare metal, and storage products, building one of the largest independent cloud computing providers in the process. From the team that created Choopa.com and GameServers.com, Vultr tackles complex hosting situations and delivers industry-leading performance and reliability while building out one of the largest, most available worldwide networks. Now take advantage of the Vultr Marketplace, allowing 1-click installations of popular apps, games, and operating systems, and the Vultr Kubernetes Engine, providing automated management of Kubernetes clusters so you can operate with confidence and easily scale.

Company details

Company typeScaleup
Industry
Company size51 - 200

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Who We Are

Vultr is on a mission to make high-performance cloud infrastructure easy to use, affordable, and locally accessible for enterprises and AI innovators around the world. With 33 global cloud data center locations, Vultr is trusted by hundreds of thousands of active customers across 185 countries for its flexible, scalable, global Cloud Compute, Cloud GPU, Bare Metal, and Cloud Storage solutions. In December 2024 Vultr announced an equity financing at a $3.5 billion valuation. Founded by David Aninowsky and self-funded for over a decade, Vultr has grown to become the world’s largest privately-held cloud infrastructure company.

Vultr Cares

  • Excellent Medical Benefits w/ 100% company-paid premiums for employee only plan + 100% company-paid dental & vision premiums

  • 401(k) plan that matches 100% up to 4% with immediate vesting

  • Professional Development Reimbursement of $2,500 each year

  • 11 Holidays + Paid Time Off Accrual + Rollover Plan + take your birthday off

  • Commitment matters to Vultr! Increased PTO at 3 year & 10 year anniversary + 1 month paid sabbatical every 5 years + Anniversary Bonus each year

  • $500 first year remote office setup + $400 each following year for new equipment

  • Internet reimbursement up to $75 per month

  • Gym membership reimbursement up to $50 per month

  • Company-paid Wellable subscription

 

Join Vultr

The Vultr CSIRT (Computer Security Incident Response Team) is looking for a Senior CSIRT Engineer to join our team, reporting to the Senior Manager of Incident Response. In this role, you will own the SIEM and EDR platforms by administering, optimizing, and building detection content. You will design and implement automation workflows using SOAR and develop integrations across our security tooling stack. You will also work alongside CSIRT Analysts to investigate security events, conduct threat hunts, and support incident response.

 

Key Responsibilities

  • Engineer, tune, and maintain detection rules and analytics in the SIEM and EDR platforms

  • Administer SIEM platform health, parser configuration, log source onboarding, and data pipeline optimization.

  • Design and build SOAR playbooks and automated response workflows to streamline triage, enrichment, and containment.

  • Develop and maintain integrations between security tools (SIEM, EDR, SOAR, SEG, TIP, DLP, ticketing)

  • Map detection coverage to MITRE ATT&CK to identify and close gaps

  • Identify and drive improvements to security visibility across the environment, including new log sources, enrichment opportunities, and telemetry gaps

  • Assist with investigation of security events, from alert through remediation

  • Assist with conducting threat hunts across organizational telemetry

  • Assist incident response with log analysis, artifact collection, and containment

  • Manage EDR platform coverage, sensor health, and policy configuration

  • Coordinate with Threat Intelligence to translate intel into deployed, actionable detection logic

  • Coordinate with Security Engineering on infrastructure integrations and log pipeline architecture

  • Document detection logic, automation workflows, and operational procedures

 

Qualifications

  • Minimum of 5 years experience in detection engineering, SIEM engineering, SOAR engineering, Security Operations, or a closely related role

  • Hands-on SIEM experience at an engineering level: rule authoring, parser development, log source integration, platform administration.

  • Experience building SOAR workflows and automated response playbooks.

  • Experience with EDR platforms, including policy configuration, telemetry analysis, and live response.

  • Demonstrated proficiency in PowerShell, Bash, Python, common Query Languages (FQL, KQL, EQL, LEQL, MQL, etc) and YARA, SIGMA, and CAPA rules.

  • Experience conducting security investigations, threat hunting, and incident response

  • Solid understanding of attack techniques and detection logic mapped to MITRE ATT&CK

  • Proficiency with Linux, MacOS, and Windows.

 

Nice to Have

  • Experience with cloud infrastructure environments

  • Familiarity with data loss prevention concepts and insider threat detection patterns

  • Certifications such as BTL1, BTL2, CCD, CCSP, CKA, CKS, CJDE, CISSP, GCDA, GCED, GCFA, GCIH, GCIA, GCTD, GNFA, etc.

  • Experience in SOC2, ISO 27001, FedRAMP, or GDPR environments.

Inclusion & Privacy

We are an equal opportunity employer and are committed to creating an inclusive environment for all employees. We welcome applications from individuals of all backgrounds and experiences, and we prohibit discrimination based on race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or any other protected status under applicable laws. Vultr will consider qualified applicants with arrest or conviction records in accordance with applicable laws and will not conduct a background check until after an offer of employment has been extended and accepted.

We also take your privacy seriously. We handle personal information responsibly and follow applicable laws, including U.S. privacy rules and India’s Digital Personal Data Protection Act, 2023. Your data is used only for legitimate business purposes and is protected with proper security measures.

Where allowed by law, applicants may request details about the data we collect, access or delete their information, withdraw consent for its use, and opt out of nonessential communications. For more details, please see our Privacy Policy.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
Β·

Field Engineer (Solutions) Related jobs

Other jobs at Vultr

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.