Platform Security Engineer

TEKsystems · Rockville, MO
Posted 1d · $70 - $80 · Hybrid

About The Position

Our Security Operations Center is evolving from foundational capabilities into a mature, comprehensive security operations program. We need an experienced SOC engineer who has been part of a top-tier SOC and can provide technical vision and leadership to guide our detection engineering and automation efforts. This role focuses on building robust detection capabilities, automating security responses, and creating the frameworks that enable our SOC analysts to effectively identify and respond to threats. You will work closely with our threat intelligence and hunting teams to translate security research into actionable detections and automated responses.

Requirements

  • SOC Experience: 5+ years in a Security Operations Center environment with exposure to mature SOC operations and best practices
  • SIEM Expertise: Hands-on experience with Splunk Enterprise Security or comparable enterprise SIEM platforms (building correlation searches, alerts, dashboards, and ES-specific frameworks)
  • Detection Engineering: Proven experience developing security detections, use cases, and alert tuning methodologies
  • MITRE ATT&CK Framework: Practical application of MITRE ATT&CK for detection coverage mapping and gap analysis
  • Security Automation: Experience building automated response workflows and playbooks (SOAR platforms preferred)
  • Scripting: Strong proficiency in Python, PowerShell, or Bash for automation and integration development
  • Cloud Security: Understanding of cloud security monitoring and detection across AWS, GCP, and Azure environments
  • Analytical Mindset: Ability to identify gaps, define clear vision for improvement, and guide teams toward maturity

Nice To Haves

  • Splunk SOAR (Phantom) hands-on experience
  • Splunk UEBA or behavioral analytics platform experience
  • Risk-Based Alerting (RBA) implementation experience
  • Threat hunting background with detection engineering application
  • Infrastructure automation and CI/CD pipeline knowledge
  • Experience mentoring or leading detection engineering teams
  • Relevant certifications (GIAC, CISSP, or similar)
  • Experience setting up internal SOC guidance: knows what potential pitfalls to be aware of and how things should work
  • The client's teams are running into issues defining what a good SOC looks like
  • Someone who can step in and help: has been part of a well-oiled SOC and knows from experience what does and doesn't work
  • Senior level, not lead: a senior engineer who is hands-on with detections
  • Most of the SOC is already built out; they just need extra help
  • Expand detections, detection engineering, vulnerabilities, and scripting if needed
  • Consulting in nature: help guide rather than own the whole process; there is an analyst team, and they need an engineer to point out mistakes and roadblocks
  • Splunk Enterprise Security for detections, Splunk SOAR for automation, Splunk UEBA
  • Skills could translate from other SIEM tools and Splunk could be taught, but Splunk is in use today, so candidates who already know it will have a leg up
  • Analysts will do the actual work; this role designs and improves the whole Enterprise Security deployment
  • Goal is to reduce the analysts' workload by automating and taking work off their hands
  • Works with the threat team; when a new vulnerability surfaces, helps build detections for it

Responsibilities

  • Design and implement comprehensive detection use cases aligned with the MITRE ATT&CK framework
  • Conduct gap analysis of current detection coverage and develop roadmap to address gaps
  • Build and tune correlation searches, alerts, and detection logic in Splunk Enterprise Security
  • Implement Risk-Based Alerting (RBA) methodologies to improve signal-to-noise ratio
  • Develop detection strategies for multi-cloud environments (AWS, GCP, Azure)
  • Continuously evaluate and improve detection effectiveness based on SOC feedback
  • Design and implement automated response playbooks using Splunk SOAR
  • Build integrations between security tools to enable automated investigation and response workflows
  • Develop scripts and automation (Python, Bash, PowerShell) to streamline SOC operations
  • Create reusable automation frameworks that scale across multiple use cases
  • Collaborate with platform engineering to ensure reliable automation infrastructure
  • Define what a mature SOC capability looks like using Splunk ES, SOAR, and supporting tools
  • Identify gaps and shortcomings in current SOC implementation and provide clear remediation guidance
  • Establish best practices, standards, and frameworks for detection engineering and response
  • Mentor platform engineering team on SOC-specific requirements and approaches
  • Contribute to long-term SOC strategy and capability development
  • Partner with threat intelligence and threat hunting teams to operationalize research into detections
  • Work with SOC analysts to understand investigation workflows and improve detection quality
  • Collaborate with platform engineering teams to implement and maintain SOC infrastructure
  • Participate in incident response activities to validate and refine detection and automation capabilities
  • Document detection logic, playbooks, and technical architectures

Benefits

  • Medical, dental & vision
  • Critical Illness, Accident, and Hospital
  • 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
  • Life Insurance (Voluntary Life & AD&D for the employee and dependents)
  • Short and long-term disability
  • Health Spending Account (HSA)
  • Transportation benefits
  • Employee Assistance Program
  • Time Off/Leave (PTO, Vacation or Sick Leave)
© 2024 Teal Labs, Inc