
Senior Security Operations Engineer
Cribl
full-time
Posted on:
Location Type: Remote
Location: United States
Salary
💰 $128,000 - $200,000 per year
Job Level
About the role
- The Security Operations Engineer will be a pivotal member of Cribl’s Information Security team, primarily responsible for strengthening our security posture through robust security operations and advanced threat detection.
- You will lead security incident management, triage, and investigations, and be instrumental in developing innovative solutions to remediate current threats and proactively prevent future attacks.
- A key aspect of this role will be designing, implementing, and optimizing detection logic to identify sophisticated threats across our environment.
- You will partner closely with Product Security, IT, and Legal teams, and report to the Sr. Director, Security Engineering and Operations under the CISO.
Requirements
- Provide knowledge and experience in working with modern security principles (e.g., security data lakes, detections as code, EDR, zero trust networking, and other security tooling), as well as demonstrated experience with incident response and management.
- Utilize a strong understanding of common attack frameworks (e.g., MITRE ATT&CK) and how to map detections to TTPs
- Understanding of authentication and authorization schemes such as SAML, OpenID, OAuth2, and SCIM
- Experience scripting/coding in at least one of the following languages: Python, NodeJS, Ruby, Bash
- Be the go-to technical subject matter expert on security, compliance, and assurance topics
- Communicate ideas to technical and non-technical audiences
- Comfortable with ambiguity, have a strong analytical acumen, self-motivated, able to work cross-functionally
- Experience with SIEM platforms like Panther and their detection capabilities is a plus
- Familiarity with Wiz and cloud native security tooling for detection in AWS, Azure, or GCP
- Relevant certifications in cloud security or incident response (e.g., SANS GIAC certifications)
- Proven experience in developing, deploying, and maintaining detection rules (e.g., Sigma, YARA, Splunk SPL, KQL) across various security platforms
Benefits
- health, dental, vision, short-term disability, and life insurance
- paid holidays and paid time off
- a fertility treatment benefit
- 401(k)
- equity
- eligibility for a discretionary company-wide bonus
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
security operations, threat detection, incident management, detection logic, scripting, Python, NodeJS, Ruby, Bash, detection rules
Soft Skills
communication, analytical acumen, self-motivated, cross-functional collaboration, comfort with ambiguity
Certifications
SANS GIAC