This is a unique opportunity to leverage your threat detection and response experience and build some of the foundational systems and services to keep our infrastructure free from malicious actors and threats. You will partner closely with all engineering teams, IT administrators, and compliance analysts to ensure that we maintain sufficient visibility into our environments and develop effective programs and practices to ensure that our environments are always secure. Tooling and automation will be key to success as we scale our environments to meet customer demand.
What You Will Do:
Collaborate with different teams for building and setting up pipelines needed to gather relevant security telemetry.
Build and maintain an effective and scalable security monitoring infrastructure solution.
Develop detection strategies to identify anomalous activity and ensure that our critical infrastructure and services operate in a safe environment.
Triage alerts and drive security incidents to closure while reducing their potential impact .
Build processes and workflows to triage security alerts and respond to real incidents.
Research new threat attack vectors and ensure that our detection and response capability is in line with the current threat landscape.
Proactively improve the quality of our detection rules and strive to eliminate classes of issues by working directly with engineering teams.
Contribute to strategy, risk management, and prioritization for all efforts around detection and response.
Collaborate with the compliance team to maintain and audit security controls and processes, ensure compliance with relevant security frameworks and certifications.
Pragmatic implementing business-focused controls to safeguard the companys multi-cloud entities.
5+ years of relevant industry experience.
Strong domain knowledge in security incident detection and response, with a proven ability to operate, optimize, and enhance the effectiveness of the Security Operations Center (SOC).
Demonstrated experience with effective incident response and containment practices, preferably in a cloud-first environment.
Hands-on experience in instrumenting and deploying telemetry solutions.
Experience with operating open-source and/or commercial solutions for logging and security event management, including SIEM and SOAR platforms such as Splunk, Microsoft Sentinel, SolarWinds, Trellix, and similar tools.
Experience in managing and fine tunning CNAPP platforms such as WIZ, Orca, Defender, Singularity or other similar solutions.
Ability to script or code fluently in an interpreted language like Python, PowerShell or Javascript.
Proficiency in automation using tools such as Logic Apps, Azure Functions, AWS Lambda, and Runbooks.
Strong experience in analyzing IAM configurations and entities behavior across multi-cloud and multi-account environments, detecting potential breaches, identifying security gaps, and responding to threats in real time.
Decision-maker with the ability to operate with freedom and autonomy.
Experience working with distributed teams and other cross-functional stakeholders.
Ability to manage competing priorities and workload.
Experience or strong familiarity with DevOps practices and Agile methodologies is a plus.
Experience with cloud deployments in AWS, GCP, or Azure is a plus.
