Security Engineer – Visibility & Detection
Full Time - Long Term - Senior
What This Role Is
You are our eyes. We want to know what's happening across our organization — from dark web signals and external threats, to corporate systems, cloud infrastructure, user behavior, application errors, and product anomalies. Today, no one owns that picture end-to-end. You will. This is not a SOC analyst role. You won't be triaging a ticket queue or watching dashboards someone else built. You'll be building the visibility layer from the ground up and briefing us on what matters.
What You'll Do
Own our threat awareness across every surface
● Collect, monitor, filter, enrich, and relay external signals: dark web, threat feeds, CVEs, vendor advisories
● Track what's happening inside: corporate systems, cloud infrastructure, IdP, messaging and communication, endpoints, and application behavior.
● Be the first to know when something looks wrong — and be able to explain it clearly
● Build a library of business cases for visibility and monitoring, then implement them.
Start with Sumo Logic, grow into Elastic
● Take ownership of our Sumo Logic SIEM: collectors, pipelines, data quality, and detection logic
● Work toward integrating our Elastic/APM stack to extend visibility into product and platform behavior
● Tune signal over noise — don't just ingest everything, make what we have trustworthy
Build solutions where they don't exist
● Extract security-relevant data from sources that weren't designed to provide it
● Write scripts, build pipelines, and create custom solutions when tools don't cover the gap
● Show daily progress — small improvements compound
Make visibility actionable
● Brief leadership regularly on attack surface, unusual activity, and emerging threats
● Translate technical signals into clear, decision-ready information
● Identify problems early enough that we can act, not just react
What You Bring
● 3+ years in security engineering, detection engineering, or a hands-on security operations role
● Experience owning a SIEM end-to-end — not just using one
● Comfort with AWS environments and a variety of log sources from cloud to apps to hosts
● Ability to develop automation and scripts and build tooling (Python, Bash, or similar)
● Strong instincts for what matters — you know the difference between noise and signal
● Clear communicator who can brief a non-technical audience on threat posture
Nice to have:
● Experience with Sumo Logic or Elastic Stack
● Familiarity with threat intelligence sources, dark web monitoring, or OSINT
● Exposure to product/application telemetry and APM tooling
- 1. HR Screening
- 2. Interview with Manager
- 3. Interview with Team
- 4. Cultural Fit