Staff Security Operations Engineer

New

CriblInfrastructure software

Remote - United States, work happens across many time-zonesFull-TimeStaff

Salary$128,000 — $200,000 USD

Apply NowOpens the employer's application page

Job Details

Experience with modern security principles including SIEM, security data lakes, detection as code, EDR, and zero trust networking.
Demonstrated experience with incident response and management.
Strong understanding of common attack frameworks such as MITRE ATT&CK.
Familiarity with authentication/authorization schemes including SAML, OpenID, OAuth2, and SCIM.
Proficiency in scripting or coding in Python, NodeJS, Ruby, or Bash.
Experience developing and maintaining detection rules (e.g., Sigma, YARA, Splunk SPL, KQL).
Familiarity with cloud-native security tools for AWS, Azure, or GCP.
Strong analytical skills with the ability to communicate technical concepts to non-technical audiences.
Self-motivated with the ability to work cross-functionally in ambiguous environments.
Relevant cloud security or incident response certifications (e.g., SANS GIAC) are preferred.
Experience with Panther SIEM is a plus.

Monitor security events and triage alerts using SIEM, MSSP, AI, and CSPM tools.
Develop and maintain high-fidelity detection rules and alerts based on threat intelligence.
Tune existing detection logic to improve efficacy and reduce false positives.
Act as a security incident response lead during investigations.
Manage and enhance security playbooks using detection engineering best practices.
Conduct security assessments, vulnerability testing, and threat hunts.
Perform internal and external security reviews of corporate properties.
Lead security incident response tabletop exercises.
Champion the use of Cribl products within the security tech stack.

View Full Description & ApplyYou'll be redirected to the employer's site