Security Operations Engineer for SIEM Implementation

last updated March 25, 2026 5:11 UTC

WorkWave

HQ: Hybrid

We are looking for a Security Operations Engineer with a builder’s mindset to join our team. In this position, you will act as the link between Security and Engineering, working closely with our engineering groups to streamline logging and create a unified observability platform covering logs, metrics, and synthetic monitoring.

You will take the lead in shaping our detection logic, implementing our new SIEM, and turning raw data into accurate, high‑quality alerts. While you won’t be responsible for monitoring the environment alone, you will function as the main technical escalation point for our MDR partner (Sophos) and oversee our incident response framework, including developing runbooks, playbooks, and triage guides. This role is ideal for someone ready to move beyond routine analysis and take ownership of designing and building a modern detection and response program.

WHAT YOU’LL DO:

SIEM Implementation and Detection Engineering
• Lead the deployment of our new SIEM, handling data ingestion and tuning the system for best performance.
• Manage the security observability stack in Grafana (Loki/LogQL, Prometheus/PromQL, Grafana Alerting, OTel), including source onboarding, parsing, enrichment, and alert routing.
• Oversee the full content engineering lifecycle: creating, testing, and optimizing detection rules and queries (LogQL, PromQL, SPL, KQL, SQL, etc.) to catch malicious activity with minimal false positives.
• Work with Engineering to ensure the observability platform gathers all necessary security telemetry and log data.
• Act as a primary operator for security monitoring and initial incident triage, participating in the on‑call rotation.

Telemetry Engineering and Security Observability
• Define logging standards and required security telemetry across products and infrastructure.
• Manage log onboarding, parsing, enrichment, normalization, retention, and cost efficiency.
• Build dashboards and SLOs measuring the health of security telemetry, including coverage, latency, and drop rates.

Incident Response and Process Development
• Create and maintain the full library of incident response materials, such as triage guides, runbooks, and playbooks.
• Serve as the main technical contact for our MDR provider (Sophos), providing needed context for effective monitoring.
• Perform in‑depth investigations and threat hunting for complex alerts escalated by the MDR or internal teams.
• Oversee alert routing and incident tracking integrations (PagerDuty with Jira/Slack), including severity definitions, escalation workflows, and reporting.
• Lead incident coordination, write post‑incident reports, and collaborate with Engineering on corrective actions.
• Manage phishing detection and response processes, including user reports, triage, and containment.

Operational Health and Optimization
• Continuously assess alert quality and automations, refining logic to reduce noise and alert fatigue.
• Help define log schemas to ensure data is properly parsed for both security and engineering needs.
• Evaluate and adopt AI‑driven tools to speed up query creation and dashboard development.
• Manage integration and correlation of alerts between the MDR service and the internal SIEM and incident systems.
• Enforce least‑privilege access to security telemetry and prevent sensitive data exposure in logging pipelines.

WHAT YOU’LL BRING:
• 5–7 years of experience in Information Security or Security Operations.
• A proven shift from consuming alerts as an analyst to building detections as an engineer.
• Hands‑on experience with SIEM or observability platforms (Grafana/Loki preferred; Splunk, Elastic, Sentinel, or Datadog are also suitable), especially for dashboards, reporting, and complex query development.
• Experience working with MDR providers or MSSPs is strongly preferred.
• Background working with DevOps or Engineering teams on logging or observability initiatives is a plus.
• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience.
• Relevant certifications such as GCIH, GCIA, GCED, GMON, Security+, or CySA+ are highly valued.

YOUR TECHNICAL TOOLKIT:
• Query Languages: Strong skills in LogQL, PromQL, KQL, SPL, SQL or similar, used for data analysis and dashboard building.
• Detection Logic: Ability to convert threat intelligence and MITRE ATT&CK techniques into reliable detection rules.
• Response Frameworks: In‑depth understanding of the NIST or SANS Incident Response Lifecycle and experience writing clear operational runbooks.
• Light Scripting: Familiarity with Python or similar languages for automation or API‑based tasks (not a primary coding role).

WHAT SETS YOU APART:
• Operator‑to‑Builder Mindset: You recognize the frustration of poorly designed alerts and are motivated to create better, more effective solutions.
• Cross‑Functional Collaboration: Skilled at working with Engineering teams to align on data formatting and ingestion standards.
• Autonomy: Able to prioritize work and independently drive the SIEM implementation forward.

Salary: $130,000–$150,000 per year
We are committed to salary transparency. The final offer will depend on experience, qualifications, and budget considerations. The hiring team will share more details about compensation during the interview process. External salary estimates (LinkedIn, Glassdoor, etc.) may not reflect our actual range.

WHAT YOU SHOULD KNOW ABOUT US:
• We are relaxed yet professional, offering a casual environment and remote flexibility while building innovative, top‑tier solutions for our customers.
• We deeply value delivering meaningful service and solutions that genuinely support our clients and their businesses.
• We welcome people as they are and build trust‑based partnerships.
• Teamwork and collaboration drive how we help colleagues and customers overcome challenges.
• Our team is energetic, curious, fun, and eager to make an impact—and we’d love for you to join us.

LOVE WHAT YOU DO, NO MATTER WHERE YOU DO IT:
• Become part of our remote‑first global work community that fosters growth, creativity, and collaboration.
• Whether early in your career or experienced, you’ll find a place where your ideas matter and your development is a priority.

A GLOBAL COMPANY WITH A LOCAL PRESENCE:
• We offer flexibility for working in the office or remotely, supporting strong work/life balance.
• Our headquarters is located in the Bell Works complex in Holmdel, New Jersey, available for collaborative work, training, and team activities.
• We employ people across 30+ states and 7 countries, with regional offices offering local perks and community involvement.
• Whether remote or in‑office, you’ll join a community that values diversity and cares about our products, customers, communities, and each other.

RELAX, WE’VE GOT YOU COVERED:
• Comprehensive benefits package including health, dental, and a 401(k) with company match.

AND MORE:
• Flexible Time Off or generous PTO (role dependent), plus paid holidays.
• Up to four weeks of paid bonding leave.
• Tuition reimbursement.
• A strong Employee Assistance Program through TotalCare with 24/7 counseling, financial and legal guidance, adoption assistance, and more.
• 24/7 virtual medical access via Teladoc.
• Quarterly peer‑nominated awards.
• Regional discounts and perks.
• Opportunities to participate in community service and charitable events.

GROW WITH US:
• We recognize the importance of retaining top talent and reward curiosity and continuous improvement.
• We encourage internal mobility for employees who know and love our products.
• Employees have access to an extensive training library with both self‑paced and live learning opportunities.

JOIN OUR WINNING TEAM:
• Ten‑time NJBiz Best Place to Work in New Jersey.
• Recognized for exceptional products, growth, and culture, including awards from Inc. 5000, SaaS Awards, IT World Awards, Globe Awards, the Silver Stevie for Employer of the Year, and Best Place to Work by Inc. Magazine.
• Named among The Software Report’s Top 100 Software Companies of 2022.

We are an equal opportunity employer. All applicants will be considered without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status. Don’t meet every requirement? Research shows some candidates hesitate unless they match every qualification. We encourage you to apply anyway—you may be the perfect fit for this or another role.

To apply for this job, please visit the application page
