
Senior Security Engineer
Posted Jun 20

This is a fully remote position, open to applicants in California.
• Take ownership of, design, and continually enhance the security tools ecosystem that supports a contemporary, detection-oriented Security Operations Center (SOC).
• Engineer, deploy, and uphold all fundamental SOC platforms, which include malware analysis and sandboxing solutions, analyst workstation environments (Windows investigation VMs), Endpoint Detection & Response (EDR/XDR), email security engineering, and vulnerability scan engineering.
• Serve as the technical owner of SOC platforms, ensuring alignment with architectural requirements, managing the lifecycle, overseeing upgrades, and handling decommissioning.
• Guarantee that SOC platforms are designed for scalability, reliability, performance, and forensic integrity.
• Oversee the engineering, configuration, and operational health of the EDR platform across the organization.
• Establish and enforce EDR hygiene standards (sensor coverage, policy consistency, versioning, asset attribution).
• Monitor EDR health metrics and proactively address gaps that may affect detection or response effectiveness.
• Develop testing frameworks to validate EDR detections, policies, and response actions.
• Act as the technical owner of detection engineering, facilitating high-fidelity detections through improved tools, telemetry, and data quality.
• Engineer and sustain malware detonation and analysis environments that allow for safe and repeatable analysis.
• Evaluate new attacker techniques, malware families, and evasion tactics to identify detection and prevention opportunities across the enterprise.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or equivalent practical experience.
• 5–10+ years of experience in security engineering, detection engineering, or advanced technical roles within a SOC.
• Extensive hands-on experience with EDR/XDR platforms (e.g., CrowdStrike, Defender, SentinelOne).
• Experience in engineering SOC platforms rather than solely consuming alerts (platform ownership mentality).
• Strong understanding of Windows internals, Linux operating systems, and server infrastructure, including endpoint and host-level telemetry, process execution, persistence mechanisms, and administrative activity across both workstation and server environments.
• Experience in supporting malware analysis and sandboxing environments.
• Familiarity with SOC workflows, detection pipelines, and incident response requirements.
• Strong scripting and automation skills (PowerShell, Python).
• Comprehensive understanding of attacker TTPs mapped to the MITRE ATT&CK framework.
• Paid vacation time.
• Paid sick leave.
• Medical/dental/vision insurance.
• Life, accident, and disability insurance.
• Tax-advantaged flexible spending and health savings accounts.
• Employee assistance program.
• Additional voluntary benefit programs such as supplemental life and AD&D, legal plan, pet insurance, critical illness, accident, and hospital indemnity.
• Tuition reimbursement.
• Transit benefits.
• Employee stock purchase plan.
• Sandisk's Savings 401(k) Plan.