Frontend software engineer (React)

Overview

The Senior Security Operations Engineer will be a pivotal member of Cribl's Information Security team, primarily responsible for strengthening our security posture through robust security operations and advanced threat detection. You will lead security incident management, triage, and investigations, and be instrumental in developing innovative solutions to remediate current threats and proactively prevent future attacks. A key aspect of this role will be designing, implementing, and optimizing detection logic to identify sophisticated threats across our environment. You will partner closely with Product Security, IT, and Legal teams, and report to the Chief Information Security Officer.

Responsibilities

- Monitoring security events and alerting via our security tooling, including MSSP, SIEM, AI, and CSPM tooling, to identify and triage potential threats
- Developing, implementing, and maintaining high-fidelity detection rules and alerts within SIEM and other security platforms (e.g., EDR, Cloud Security tools) based on threat intelligence, MITRE ATT&CK framework, and identified risks
- Conducting continuous tuning and optimization of existing detection logic to reduce false positives and improve detection efficacy
- Responding to issues identified by our Cribl employees
- Acting as a security incident response lead, including leveraging and improving detection capabilities during investigations
- Building, enhancing, and managing security playbooks, incorporating detection engineering best practices
- Conducting security assessments of corporate assets through vulnerability testing, threat hunts, and purple team activities, with a focus on identifying detection gaps and opportunities
- Performing both internal and external security reviews of corporate properties, e.g. the corporate website and enterprise applications
- Leading security incident response tabletop exercises
- Continuing to evolve and champion the use of Cribl products in our security tech stack to enhance detection, analysis, and response capabilities
- Collaborating with threat intelligence teams to integrate new indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) into detection strategies
- Experience with SIEM platforms like Panther and its detection capabilities is a plus
- Familiarity with Wiz and cloud native security tooling for detection in AWS, Azure, or GCP
- Relevant certifications in cloud security or incident response (e.g., SANS GIAC certifications)

Qualifications

- Knowledge of, and experience in, working with modern security principles, e.g. security data lakes, detections as code, EDR, zero trust networking, and other security tooling, as well as demonstrated experience with incident response and management
- Proven experience in developing, deploying, and maintaining detection rules (e.g., Sigma, YARA, Splunk SPL, KQL) across various security platforms
- Strong understanding of common attack frameworks (e.g., MITRE ATT&CK) and how to map detections to TTPs
- Understanding of authentication and authorization schemes such as SAML, OpenID, OAuth2, and SCIM
- Experience scripting/coding in at least one of the following languages: Python, NodeJS, Ruby, Bash
- Be the go-to technical subject matter expert on security, compliance, and assurance topics
- Excellent communication skills and ability to communicate ideas to technical and non-technical audiences
- Comfortable with ambiguity, have a strong analytical acumen, self-motivated, able to work cross-functionally

Bring Your Whole Self

Diversity drives innovation, enables better decisions to support our customers, and inspires change for the better. We're building a culture where differences are valued and welcomed, and we work together to bring out the best in each other.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying. Interested in joining the Cribl herd? Learn more about the smartest, funniest, most passionate goats you'll ever meet at cribl.io/about-us.

Senior-level
Location:
City Of Westminster, England, United Kingdom
Job Type:
FullTime
