Staff Security Engineer

About the Role: We are seeking a SOC Staff Software Engineer who will design, build, and implement security solutions for our newly established Security Operations Center. As an integral member of our engineering team, you'll work on developing tools, automation, and infrastructure to support SOC analysts in detecting, analyzing, and mitigating perimeter security threats. You'll focus on building solutions that enhance incident response capabilities, streamline operations, and provide insights into threats through data visualization and reporting.

Key Responsibilities:

• Tool Development and Automation: Design and develop automation solutions to improve SOC efficiency, with a focus on Content Delivery Networks (CDNs), Web Application Firewalls (WAFs), and Splunk integrations. Build tools that enable analysts to detect, investigate, and respond to incidents faster and with greater accuracy.
• Threat Detection and Mitigation Solutions: Create detection algorithms and response playbooks for incidents stemming from bot traffic, scanners, malicious actors, and anomalies in customer traffic. Implement solutions that prioritize incidents and reduce alert noise while maintaining high accuracy.
• Access Control and IP Reputation Monitoring: Engineer and maintain systems that manage whitelisting, network access allowances, and client IP reputation monitoring. Ensure access control solutions align with enterprise security standards and respond dynamically to emerging threats.
• Data Pipeline and Logging Infrastructure: Develop scalable data pipelines and logging systems to centralize threat intelligence, log traffic patterns, and enhance visibility into perimeter security metrics. Enable SOC analysts to draw insights from high-quality data sources.
• Threat Pattern Identification and Visualization: Build tools for anomaly detection, pattern recognition, and data visualization, enabling SOC teams to understand and report on threat patterns, including insights into scanner dynamics and attacker capabilities.
• Security Controls Monitoring: Engineer solutions that continuously monitor the efficacy of security controls, identify coverage gaps in API endpoints, and adapt to the evolving application landscape.
• Documentation and Knowledge Sharing: Create comprehensive documentation and playbooks that outline tool functionality, automation workflows, and standard operating procedures for SOC use. Ensure documentation is accessible and maintainable.
• Executive Reporting Solutions: Build systems that generate executive reports on key metrics, such as mitigation impact, financial savings, session counts affected by mitigation technologies, and availability impact due to traffic anomalies.
• Collaborative Threat Response: Participate in threat detection exercises, incident analysis, and instrumenting mitigation solutions alongside the operations team. Work hands-on with analysts to refine tools and responses based on live incident insights and threat exercises.

Required Skills and Qualifications:

• Automation Expertise: Strong proficiency in automating tasks within CDNs, WAFs, and Splunk. Experience with scripting and programming languages like Python, Bash, or other relevant languages for automation.
• Experience in Security Engineering: Background in developing security solutions for incident response, perimeter defense, or SOC environments. Familiarity with threat detection and anomaly analysis.
• Data Pipeline Management: Experience in building and managing data pipelines, logging frameworks, and data visualization for security analysis. Proficiency with data engineering tools and frameworks is a plus.
• Strong Analytical Skills: Ability to identify and mitigate security threats with minimal false positives, understanding of bot traffic, scanners, and other traffic-based threats.
• Cross-Functional Collaboration: Effective communication skills, with experience working closely with SOC analysts, incident responders, and engineering teams.
• Documentation Skills: Proven ability to create clear, accessible, and detailed documentation to support SOC workflows and tooling.

This is an opportunity to lead the technical foundation of our Perimeter SOC and develop solutions that directly impact security operations. If you have a passion for engineering solutions that enable effective threat detection and response, we encourage you to apply.