Job Description:
• Design, implement, and tune high-fidelity detections across cloud, endpoint, SaaS, identity, and application environments
• Build and optimize queries, alerts, and correlation logic within our SIEM and EDR platforms
• Participate in SOC on-call rotation and serve as escalation point for high-severity incidents
• Lead complex investigations across endpoint, cloud, SaaS, and identity environments
• Triage and validate high-impact alerts, ensuring consistent investigative rigor and documentation
• Conduct proactive threat hunting to identify gaps in detection coverage
• Drive continuous improvement of playbooks, runbooks, and case management standards
• Build custom security tooling to improve alert enrichment, investigation, and response
• Develop integrations between security tools and internal systems via APIs
• Automate repetitive investigative workflows and containment actions
• Improve signal quality and reduce false positives across the stack
• Contribute to guardrails and enforcement mechanisms across cloud and SaaS environments
• Serve as the technical escalation point for high-severity incidents
• Lead complex investigations and root cause analysis
• Improve and mature incident response playbooks and processes
• Conduct post-incident analysis and drive systemic improvements
• Raise the technical bar within the SOC through mentorship and code/detection review
• Establish standards for detection quality and investigation rigor
• Partner closely with AppSec, Infrastructure Security, IT, and Engineering
• Help shape the SOC and detection engineering roadmap
Requirements:
• 5–7+ years of experience in security engineering, detection engineering, or security operations
• Strong experience with SIEM platforms
• Experience with EDR platforms
• Strong scripting skills (Python, Bash, or similar)
• Experience working in AWS or similar cloud environments
• Experience leading complex incident investigations
• Experience building internal security tools (Preferred)
• Detection-as-code or infrastructure-as-code experience (Preferred)
• Experience integrating tools via APIs (Preferred)
• Experience mentoring junior analysts or engineers (Preferred)
• Familiarity with SaaS security and identity-based attack patterns (Preferred)
Benefits:
• Open and transparent culture
• Life insurance, long and short-term disability coverage
• Paid maternity and paternity leave
• Fertility benefits
• Generous vacation time, plus three 4-day summer holiday weekends
• Excellent medical, dental, and vision benefits
• 401(k) plan with company matching
• Bi-annual swag drops with cool Podium gear and apparel
• A stellar HQ (Utah) gym with local professional coaches and classes offered
• Onsite HQ (Utah) child care center, subsidized for employees