Software Engineer - SOC

Responsibilities

• Monitor, analyze, and triage security events and alerts across distributed systems to identify potential incidents and anomalous behavior
• Lead end-to-end incident response, including investigation, containment, eradication, and recovery, with an emphasis on scalable and repeatable processes
• Perform deep-dive root cause analysis of sophisticated attacks spanning infrastructure, network, and application layers, including code-level vulnerabilities
• Design, build, and maintain automation frameworks to improve detection and response efficiency (e.g., auto-remediation, alert enrichment pipelines)
• Develop and maintain detection logic (rules, queries, behavioral analytics) using engineering best practices such as version control, testing, and CI/CD
• Create and continuously improve incident response playbooks as modular, reusable, and programmatic workflows
• Fine-tune alerting systems to reduce noise and false positives through data analysis, feedback loops, and algorithmic improvements
• Collaborate closely with SRE, DevOps, IT and engineering teams to remediate vulnerabilities and improve system security and reliability
• Engineer and enhance SIEM capabilities, including log ingestion pipelines, normalization, correlation rules, and integrations
• Implement and scale security monitoring solutions across cloud-native and distributed environments
• Conduct proactive threat hunting using data-driven and hypothesis-based approaches
• Enrich and correlate telemetry using IOCs, threat intelligence feeds, and custom-built data pipelines
• Contribute to SOC tooling and internal platforms by writing clean, maintainable, and efficient code
• Participate in architecture and design discussions to embed security into systems from the ground up
• Drive and contribute to broader security engineering and SOC modernization projects

Minimum Qualifications

• 2–4 years of experience in information security, security engineering, or a related field
• Hands-on experience with SIEM platforms, EDR tools, IDS/IPS, firewalls, and vulnerability management systems
• Experience with incident response and security investigations
• Strong understanding of cloud environments (AWS, GCP, or Azure) and associated security considerations
• Proficiency in at least one programming or scripting language (e.g., Python, Bash, or Go) with the ability to build automation and tooling
• Familiarity with software engineering fundamentals (data structures, APIs, version control, testing)

Preferred Qualifications

• Experience in Incident Response, Malware Analysis, and Threat Hunting
• Background in SOC, or SecDevOps practices
• Experience building or maintaining internal security tools or platforms
• Knowledge of distributed systems and observability (logging, metrics, tracing)
• Familiarity with CI/CD pipelines and infrastructure-as-code (e.g., Terraform)
• Relevant certifications (e.g., GCIA or similar)

6-Month Accomplishments

• Independently handle full incident response lifecycle with a focus on improving repeatability through automation
• Build or enhance at least one automation workflow (e.g., alert enrichment, triage pipeline, or response action) that reduces manual effort
• Develop high-fidelity detections with low false-positive rates using structured testing and validation approaches
• Author and maintain programmatic incident response playbooks integrated with SOC tooling
• Demonstrate strong understanding of the evolving threat landscape and apply insights to detection engineering
• Contribute code or improvements to internal SOC tools, repositories, or automation frameworks

12+ Month Accomplishments

• Significantly reduce Mean-Time-to-Detect (MTTD) and Mean-Time-to-Respond (MTTR) through scalable engineering solutions and automation
• Establish and maintain a robust detection engineering lifecycle (design, test, deploy, measure, iterate)Improve overall security operations posture through continuous system-level and architectural enhancements
• Lead or contribute to major security engineering projects that strengthen monitoring, detection, and response capabilities
• Build reusable frameworks, libraries, or services that elevate SOC efficiency and engineering maturity
• Act as a bridge between Security and Engineering teams, promoting secure-by-design principles across the organization