Platform Security Engineer
About The Position
Our Security Operations Center is evolving from foundational capabilities into a mature, comprehensive security operations program. We need an experienced SOC engineer who has been part of a top-tier SOC and can provide technical vision and leadership to guide our detection engineering and automation efforts. This role focuses on building robust detection capabilities, automating security responses, and creating the frameworks that enable our SOC analysts to effectively identify and respond to threats. You will work closely with our threat intelligence and hunting teams to translate security research into actionable detections and automated responses.
Requirements
- SOC Experience: 5+ years in a Security Operations Center environment with exposure to mature SOC operations and best practices
- SIEM Expertise: Hands-on experience with Splunk Enterprise Security or comparable enterprise SIEM platforms (building correlation searches, alerts, dashboards, and ES-specific frameworks)
- Detection Engineering: Proven experience developing security detections, use cases, and alert tuning methodologies
- MITRE ATT&CK Framework: Practical application of MITRE ATT&CK for detection coverage mapping and gap analysis
- Security Automation: Experience building automated response workflows and playbooks (SOAR platforms preferred)
- Scripting: Strong proficiency in Python, PowerShell, or Bash for automation and integration development
- Cloud Security: Understanding of cloud security monitoring and detection across AWS, GCP, and Azure environments
- Analytical Mindset: Ability to identify gaps, define clear vision for improvement, and guide teams toward maturity
Nice To Haves
- Splunk SOAR (Phantom) hands-on experience
- Splunk UEBA or behavioral analytics platform experience
- Risk-Based Alerting (RBA) implementation experience
- Threat hunting with detection engineering application
- Infrastructure automation and CI/CD pipeline knowledge
- Experience mentoring or leading detection engineering teams
- Relevant certifications (GIAC, CISSP, or similar)
Responsibilities
- Design and implement comprehensive detection use cases aligned with the MITRE ATT&CK framework
- Conduct gap analysis of current detection coverage and develop roadmap to address gaps
- Build and tune correlation searches, alerts, and detection logic in Splunk Enterprise Security
- Implement Risk-Based Alerting (RBA) methodologies to improve signal-to-noise ratio
- Develop detection strategies for multi-cloud environments (AWS, GCP, Azure)
- Continuously evaluate and improve detection effectiveness based on SOC feedback
- Define what a mature SOC capability looks like using Splunk ES, SOAR, and supporting tools
- Identify gaps and shortcomings in current SOC implementation and provide clear remediation guidance
- Establish best practices, standards, and frameworks for detection engineering and response
- Mentor platform engineering team on SOC-specific requirements and approaches
- Contribute to long-term SOC strategy and capability development
Benefits
- Medical, dental & vision
- Critical Illness, Accident, and Hospital
- 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
- Life Insurance (Voluntary Life & AD&D for the employee and dependents)
- Short and long-term disability
- Health Spending Account (HSA)
- Transportation benefits
- Employee Assistance Program
- Time Off/Leave (PTO, Vacation or Sick Leave)
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Career Level
Mid Level
Education Level
No Education Listed
