Job title: Senior Security Operations Engineer
Job type: Permanent
Emp type: Full-time
Salary type: Annual
Salary: USD $200,000.00
Location: Remote, US
Job published: 2025-02-05
Job ID: 33691
Contact name: Ruby Murphy
Contact email: ruby.murphy@hamptonnorth.com

Job Description

We are seeking a Senior Security Operations Engineer to establish and enhance security operations within a high-growth, remote-first environment. As the first hire in this function, you will have the opportunity to define security processes, strengthen situational awareness, automate cloud security detection and response capabilities, improve the security posture of third-party tools, and ensure timely handling of security incidents.

This role is highly autonomous and impact-driven, with a strong emphasis on speed and effectiveness. Ideal candidates will have experience in SIEM management, security detection & response (D&R), and cloud-based security operations.

Logistics: This is a 100% remote role open to individuals legally authorized to work in the United States.

Compensation: $160-200k base salary with an equity package.

What you'll be doing:

  • Lead investigations into security alerts and reported incidents within a cloud-based environment.
  • Automate investigation workflows and integrate tools to enhance response times and reduce manual work.
  • Act as Incident Commander during security incidents, overseeing containment, recovery, and post-mortem analysis.
  • Develop and maintain security operations playbooks to streamline incident response processes.
  • Collaborate with IT and support teams to refine security-related procedures.
  • Develop and implement SIEM detections and alerting mechanisms using Terraform, Datadog, or similar tools.
  • Onboard, enrich, and normalize diverse log sources across cloud environments, applications, and endpoints.
  • Work with engineering teams to enhance security auditing, instrumentation, and visibility across deployed resources.
  • Oversee vulnerability tracking and reporting, ensuring clear ownership and timely remediation.
  • Collaborate with teams to negotiate remediation priorities and implement security fixes.
  • Drive proactive vulnerability mitigation efforts and ensure compliance with best practices.
  • Assess and improve the security posture of third-party services and integrations (e.g., Google Workspace, Slack, Zapier).
  • Monitor and respond to phishing attempts and security threats within cloud-based collaboration tools.

What's required of you:

Must-Have:
  • 5+ years of experience in security incident response, such as working in a SOC or on a CIRT/DIRT team.
  • Proven experience leading security incidents as an Incident Commander.
  • Strong ability to investigate security events and coordinate responses across teams.
  • Expertise in cloud security operations (AWS, GCP) and cloud technologies like Docker.
  • Comfortable working in Linux environments, with experience using scripting languages (e.g., Bash, Python) to automate tasks.
  • Deep understanding of web & cloud vulnerabilities, familiarity with CVSS, and best practices for mitigation.
  • Strong grasp of SaaS platform security, including access controls and phishing prevention.
  • Ability to pragmatically balance business needs against security risks.
  • Excellent written communication skills, with experience documenting processes and corresponding with stakeholders.

Nice-to-Have:
  • Experience using infrastructure-as-code (e.g., Terraform) for security detections.
  • Background in vendor security reviews and assessing third-party risk.
  • Familiarity with SAML SSO configurations and authentication security best practices.
  • Experience with systems administration or software development.
  • Prior work experience in fast-paced, high-growth tech environments.