Security Operations Engineer

We’re in an unbelievably exciting area of tech and are fundamentally reshaping the data storage industry. Here, you lead with innovative thinking, grow along with us, and join the smartest team in the industry.

This type of work—work that changes the world—is what the tech industry was founded on. So, if you're ready to seize the endless opportunities and leave your mark, come join us.

THE ROLE

You will partner with the security operations lead and broader security team to develop and mature security use cases that apply across the company’s environment and operations. Your mission is to build and refine the detections, policies, and response logic that enable the team to identify real attacks, misuse, intrusions, and data loss events with speed and confidence.

This is not a passive monitoring role. You will be expected to understand how the business operates, how attackers move, where meaningful signals live, and how to translate that knowledge into durable security content and response workflows. Success in this role is measured not by alert volume, but by signal quality, attack reduction, faster containment, and continuous operational improvement.

WHAT YOU’LL DO

Design, implement, and maintain high-fidelity detections, correlation rules, alerts, dashboards, and use cases in Splunk and related security platforms.

Build detections across multiple data domains, including identity, endpoint, network, cloud infrastructure, SaaS applications, DLP, vulnerability, and asset posture.

Correlate signals from diverse tooling and data sources to identify attacker behavior, misuse, anomalous activity, and material security risk.

Partner with business units, IT, engineering, and internal security stakeholders to map business processes and workloads to security use cases and required telemetry.

Support and participate in incident triage, investigation, containment, and post-incident improvement activities.

Develop enrichment and automation workflows using Python, APIs, and security tooling to improve analyst efficiency and response consistency.

Improve detection quality by tuning noisy alerts, reducing false positives, and increasing true positive rates.

Collaborate on logging strategy, event onboarding, normalization, parsing, correlation, retention, reporting, and platform customization.

Apply threat intelligence, attacker tradecraft, and frameworks such as MITRE ATT&CK, CVE/CVSS, and risk context to drive meaningful detections.

Create playbooks, runbooks, detection documentation, and operational guidance for responders and analysts.

Use lessons learned from incidents, hunts, and threat research to continuously improve content, coverage, and response workflows.

Help mature a security operations model that brings together detection, alerting, investigation, and response rather than treating them as isolated functions.

What You Will Help Build

High-signal detections for credential misuse, privilege abuse, lateral movement, endpoint comp