Principal Security Engineer, Operations

Role overview

We’re seeking a Principal Security Engineer, Operations who will lead the design, development, and operation of scalable detection and defensive security controls across our cloud-first and hybrid environments. This individual will be a key technical leader within the Information Security team, responsible for evolving our threat detection, response, and prevention capabilities. The ideal candidate has deep experience in both red and blue team methodologies and exercises, with a proven ability to think like an attacker while building resilient detection infrastructure that scales.

This role is foundational to our cloud and infrastructure security strategy programs and will help define the future of our threat detection architecture.

What you'll do

• Evaluate, advise, and deploy new security technologies alongside other technologies Information Security and peer partners (e.g. Platform Engineering, IT).  
• Design, architect, and implement scalable detection pipelines across cloud (e.g. AWS, Azure, GCP) endpoints, identity, DLP, and SaaS platforms that support proactive threat identification and response.
• Mature our Security Information and Event Management (SIEM) and centralized logging capabilities, focusing on enrichment, correlation, and high-signal detections.
• Develop detection-as-code practices and CI/CD pipelines for deployment and tuning of detection logic.
• Make thoughtful long-term architectural design and strategy decisions for our  Cloud Native Application Protection Platform (CNAPP) to ensure coverage, efficiencies and reduce false positives while maintaining continuity across multiple infrastructure environments.
• Work with infrastructure-as-code (IAC) technologies to establish automated security configurations for platform hardening and cloud-native control enforcement.
• Collaborate closely with AppSec offensive security, and Cloud Engineering teams to identify detection opportunities and test control efficacy.
• Partner with our Technical Leadership Team (TLT) to provide feedback and guidance related to security operational decisions to support the product development of our platform. 
• Implement necessary security changes to support our Identity Governance Access (IAG) program and Role-Based Access Control (RBAC) models.
• Contribute to third-party vulnerability and penetration testing engagements and feed learnings into the broader detection engineering strategy.
• Continuously improve our vulnerability management program by triaging issues and identifying gaps in pre-production versus post-production detection.
• Ensure alignment to industry frameworks such as CIS Controls, ISO 27XXX, and NIST, embedding defensible security practices across the stack.
• Act as the Incident Commander of the Security Incident Response Team (SIRT), overseeing triage, containment, and forensics during investigations.

What you'll bring

• 7+ years in detection engineering, security operations, or a similar role, with a strong track record building detection logic in large-scale or cloud-native environments.
• Experience architecting and deploying detection pipelines across platforms like AWS, GCP, or Azure using tools such as Chronicle, Splunk, Panther, or open-source equivalents.
• Strong red + blue team mindset: you think like an attacker and build defenses that go beyond surface-level detection.
• Expertise in cloud control plane monitoring, identity threat detection, and infrastructure log analysis.
• Deep familiarity with adversary TTPs (MITRE ATT&CK), anomaly-based detection techniques, and event correlation strategies.
• Experience operationalizing detection-as-code pipelines (e.g., CI/CD for detection logic).
• Ability to communicate detection priorities and incident insights to technical and non-technical stakeholders.
• Authored and maintained infrastructure security policies, standards, and procedures
• History of working on a Security Incident Response Team (SIRT) investigating events, triaging potential incidents, containing environments, conducting forensics analysis
• Experience evaluating, running PoCs, and deploying new security tooling solutions.