Security Engineer – Visibility, Detection & Response

Share on LinkedIn
AWSInformation Security Specialist

Full Time - Long Term - Senior

English - C1 Advanced
Remote

What You'll Own

Own Security Visibility Across the Company

  1. Own our Sumo Logic SIEM end-to-end:
  2. Collectors
  3. Pipelines
  4. Detections
  5. Data quality
  6. Cost vs. value tradeoffs
  7. Ensure security telemetry exists across:
  8. Corporate systems
  9. Cloud infrastructure
  10. Platform and product components
  11. Third-party vendors
  12. Build detections only after validating the underlying signal is trustworthy.

This is not “just writing rules.” You are responsible for whether we can see things at all.


Build Product & Platform Telemetry (Hard Problems)

Our product generates hundreds of millions of events through APM and platform systems — most of which we cannot ingest directly today. You will:

  1. Identify what security-relevant signals should exist
  2. Work with engineering to find or extract them
  3. Design creative approaches when:
  4. Logs don’t exist
  5. Data volume is extreme
  6. Native tools don’t scale
  7. Build custom solutions when necessary

You’re not expected to boil the ocean — you are expected to make smart tradeoffs.


Improve Operational Awareness (Beyond Alerts)

Not everything becomes an alert.

You’ll help build visibility into things like:

  1. Patch and update status across platform components
  2. Configuration drift
  3. Runtime state and exposure windows
  4. Changes that materially increase risk

Much of this data exists today only in fragments. Your job is to aggregate, normalize, and make it useful.


Turn External Threats into Internal Action

We monitor:

  1. CVEs
  2. Vendor advisories
  3. Security releases
  4. Dark-web activity relevant to us and our vendors

But monitoring alone isn’t enough. You’ll:

  1. Quickly determine applicability to our environment
  2. Correlate external signals to internal assets
  3. Drive investigations, detections, or remediation
  4. Help shorten the gap between “this exists” and “we’ve responded”


Lead Security Incident Response

You will be the default Incident Commander for security events. That means:

  1. Leading investigations end-to-end
  2. Coordinating across infrastructure, application, and systems teams
  3. Driving clear decisions and communication
  4. Running post-incident reviews and forcing learnings back into the system

If something happens and no one knows who’s in charge — that’s a failure this role owns.


What You Bring

  1. 3+ years in security engineering, detection engineering, or incident response
  2. Hands-on experience with SIEMs and large-scale log data
  3. Strong understanding of cloud environments (especially AWS)
  4. Experience investigating across logs, identity, network, and applications
  5. Ability to build or automate solutions (Python, scripting, etc.)
  6. Strong communication skills — especially during incidents

Experience with product telemetry, data engineering, or platform security is a plus.


  • 1HR Screening
  • 2Interview with Manager
  • 3Interview with Team
  • 4Cultural Fit
APPLY