Security Operations Engineer
About the role
The role involves designing and implementing high-fidelity detections, correlation rules, alerts, dashboards, and use cases in Splunk and related security platforms. It also includes building detections across multiple data domains, correlating signals from diverse tooling and data sources, partnering with business units, IT, engineering, and internal security stakeholders to map business processes and workloads to security use cases and required telemetry, supporting incident triage, investigation, containment, and post-incident improvement activities, developing enrichment and automation workflows using Python, APIs, and security tooling, improving detection quality by tuning noisy alerts, reducing false positives, and increasing true positive rates, collaborating on logging strategy, event onboarding, normalization, parsing, correlation, retention, reporting, and platform customization, applying threat intelligence, attacker tradecraft, and frameworks such as MITRE ATT&CK, CVE/CVSS, and risk context to drive meaningful detections, creating playbooks, runbooks, detection documentation, and operational guidance for responders and analysts, using lessons learned from incidents, hunts, and threat research to continuously improve content, coverage, and response workflows, helping mature a security operations model that brings together detection, alerting, investigation, and response rather than treating them as isolated functions.
Candidates will join an innovative team pushing engineering boundaries. Depending on the domains associated with this job, you will be expected to design clean APIs, write automated test cases, and participate in peer code reviews. We value developers who focus on performance optimization, fast load times, and simple, maintainable architectures.