
Senior Security Engineer
Posted May 2
This is a fully remote position, open to applicants in California.
• Take ownership of, design, and consistently enhance the security tooling ecosystem that supports a modern, detection-first Security Operations Center (SOC).
• Engineer, deploy, and maintain all fundamental SOC platforms, including malware analysis and sandboxing solutions, analyst workstation environments (Windows investigation VMs), Endpoint Detection & Response (EDR/XDR), Email Security Engineering, and Vulnerability Scan Engineering.
• Serve as the technical owner for SOC platforms, ensuring alignment with architectural requirements, managing the lifecycle, upgrades, and decommissioning.
• Guarantee that SOC platforms are designed for scalability, reliability, performance, and forensic integrity.
• Oversee the engineering, configuration, and operational health of the EDR platform across the enterprise.
• Establish and uphold EDR hygiene standards, including sensor coverage, policy consistency, versioning, and asset attribution.
• Monitor EDR health metrics and proactively address any gaps that could affect detection or response effectiveness.
• Create testing frameworks to validate EDR detections, policies, and response actions.
• Act as the technical owner of detection engineering, facilitating high-fidelity detections through enhanced tooling, telemetry, and data quality.
• Engineer and sustain malware detonation and analysis environments that allow for safe, repeatable analysis.
• Evaluate new attacker techniques, malware families, and evasion tactics to identify detection and prevention opportunities across the enterprise.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or equivalent practical experience.
• 5–10+ years of experience in security engineering, detection engineering, or advanced technical roles within a SOC.
• Extensive hands-on experience with EDR/XDR platforms (e.g., CrowdStrike, Defender, SentinelOne).
• Experience in engineering SOC platforms as opposed to merely consuming alerts (a platform ownership mindset).
• Strong understanding of Windows internals, Linux operating systems, and server infrastructure, including endpoint and host-level telemetry, process execution, persistence mechanisms, and administrative activities across workstation and server environments.
• Experience in supporting malware analysis and sandboxing environments.
• Familiarity with SOC workflows, detection pipelines, and incident response requirements.
• Proficient scripting and automation skills (PowerShell, Python).
• Solid understanding of attacker TTPs mapped to the MITRE ATT&CK framework.
• Paid vacation time.
• Paid sick leave.
• Medical/dental/vision insurance.
• Life, accident, and disability insurance.
• Tax-advantaged flexible spending and health savings accounts.
• Employee assistance program.
• Additional voluntary benefit programs such as supplemental life and AD&D, legal plan, pet insurance, critical illness, accident, and hospital indemnity.
• Tuition reimbursement.
• Transit benefits.
• Employee stock purchase plan.
• Sandisk's Savings 401(k) Plan.