Original listing text, shown exactly as published by the company.
What You’ll Do
Detection & Response — your core focus
- Own our SIEM-of-record end-to-end; take it from deployed to operated: finish and harden log-source onboarding (GCP audit logs, Okta, Google Workspace, GitHub, endpoint telemetry) and own normalization, ingest health and the operating rhythm.
- Build detection-as-code: grow the first high-signal rules into a versioned, peer-reviewed rule set (Sigma / YARA-L / scheduled queries) mapped to MITRE ATT&CK and tuned hard against false positives.
- Drive MTTD down to minutes on the attack paths that matter: identity abuse, service-account impersonation, bulk data access, CI/CD compromise.
- Incident response: rehearse playbooks, lead investigations and forensics, and support breach-notification workflows with the compliance team.
- Run the cloud-findings triage loop (Security Command Center / CNAPP).
Platform, Cloud & Application Security
- Harden our Google Cloud estate (IAM least privilege, org policies, VPC Service Controls, GKE security, Cloud Armor) and codify everything in Terraform.
- Secure the CI/CD pipeline and SDLC (SAST, dependency and secrets scanning, supply-chain controls) and contribute to threat modeling of new features, including our AI/LLM surfaces.
Corporate Security (with IT)
- Strengthen the identity plane with IT — Okta policy hardening, phishing-resistant MFA (FIDO2/passkeys), SSO/SCIM coverage, joiner-mover-leaver automation — and route EDR and email-security telemetry into your detections.
Your DNA
- 5–8+ years in security engineering, including at least 2–3 years of hands-on experience in detection engineering, SOC or incident response.
- Proven experience writing detection rules as code (Sigma, YARA-L or equivalent) and tuning them in production.
- Python automation (event pipelines, alert enrichment, BigQuery) and Terraform.
- Incident response and forensics fundamentals; comfortable moving between an IAM review, a CI hardening PR and an Okta policy change.
- Excellent communication in English; able to work cross-functionally with engineering, compliance and IT.
- GKE Autopilot & admission controllers, SIEM operations (Google SecOps / Elastic / Panther), or experience in healthcare / another regulated industry is a plus.