Staff Security Operations Engineer

1 week, 1 day ago
Full-time
Lead
DevOps and Infrastructure
Cribl

Cribl provides a unified data management platform specifically designed for IT and security data, enabling users to explore, collect, process, and access their data at scale while offering enhanced control and flexibility in managing their data workflows.

IT Services
251-1K
Founded 2018
$402M raised

Description

  • Lead security incident management, triage, and investigations, and improve detection capabilities during response efforts.
  • Monitor security events and alerts across security tooling to identify and triage potential threats.
  • Develop, implement, maintain, and tune high-fidelity detection rules and alerts across SIEM and other security platforms.
  • Design and optimize detection logic to identify sophisticated threats and reduce false positives.
  • Act as a security incident response lead and help improve investigation processes and outcomes.
  • Build, enhance, and manage security playbooks using detection engineering best practices.
  • Conduct security assessments through vulnerability testing, threat hunting, and purple team activities to identify detection gaps.
  • Perform internal and external security reviews of corporate properties and enterprise applications.
  • Lead security incident response tabletop exercises.
  • Collaborate with Product Security, IT, Legal, and threat intelligence teams to integrate IOCs, TTPs, and remediation strategies.

Requirements

  • Experience with modern security principles and tooling such as SIEM, security data lakes, detection as code, EDR, zero trust networking, MSSP, and CSPM.
  • Strong understanding of common attack frameworks such as MITRE ATT&CK and how to map detections to TTPs.
  • Knowledge of authentication and authorization schemes such as SAML, OpenID, OAuth2, and SCIM.
  • Experience scripting or coding in at least one language such as Python, NodeJS, Ruby, or Bash.
  • Demonstrated experience with incident response and management.
  • Ability to communicate effectively with both technical and non-technical audiences.
  • Comfort working in ambiguity, with strong analytical skills and the ability to work cross-functionally.
  • Willingness to occasionally work outside standard hours to support a global, remote-first team.
  • Experience with SIEM platforms like Panther and their detection capabilities is a plus.
  • Familiarity with Wiz and cloud-native security tooling in AWS, Azure, or GCP is a plus.
  • Relevant cloud security or incident response certifications, such as SANS GIAC certifications, are preferred.
  • Proven experience developing, deploying, and maintaining detection rules such as Sigma, YARA, Splunk SPL, or KQL.

Benefits

  • Base salary range of $128,000 to $200,000 USD, depending on location and experience.
  • Eligibility for the Cribl Corporate Bonus Program for non-sales roles.
  • Comprehensive health, dental, vision, short-term disability, and life insurance coverage.
  • Paid holidays and paid time off.
  • Fertility treatment benefit.
  • 401(k) retirement plan.
  • Equity in the company.
