Galaxy

Security Engineer

full-time

Origin: 🇺🇸 United States

Job Level

Mid-Level, Senior

Tech Stack

AWS, Azure, Cloud, Google Cloud Platform, Python, Splunk, SQL

About the role

  • Develop, test, and tune detection rules, signatures, and alerts across SIEM, EDR, IDS/IPS, and other monitoring platforms.
  • Continuously optimize existing detection logic to reduce false positives and improve detection accuracy.
  • Create advanced queries, dashboards, and hunting content to proactively identify anomalous activity.
  • Collaborate with SOC analysts to validate findings and enrich detection capabilities.
  • Provide content and playbooks to accelerate incident triage and response.
  • Automate repeatable SOC processes and workflows using SOAR platforms.
  • Leverage internal and external threat intelligence to inform detection engineering.
  • Develop indicators and rules to detect tactics, techniques, and procedures (TTPs) mapped to the MITRE ATT&CK framework.
  • Partner with SOC analysts, threat hunters, and red teams to ensure detection coverage for key attack vectors.
  • Document and maintain detection content, response playbooks, and knowledge bases.

Requirements

  • 3+ years of experience in a SOC, detection engineering, or threat hunting role.
  • Hands-on experience with SIEM platforms (e.g., Splunk, Elastic, QRadar, Azure Sentinel).
  • Proficiency in query languages such as Splunk SPL, KQL, SQL, or Elastic Query DSL.
  • Familiarity with endpoint detection tools (EDR), IDS/IPS, and cloud security monitoring solutions.
  • Strong understanding of MITRE ATT&CK, cyber kill chain, and threat detection methodologies.
  • Scripting experience (Python, PowerShell, or Bash) for automation and content development.
  • Strong analytical and problem-solving skills.
  • Ability to communicate complex technical findings clearly to both technical and non-technical stakeholders.
  • Collaborative mindset with a passion for knowledge sharing and continuous improvement.
  • Bonus: Experience with SOAR platforms (e.g., Phantom, Demisto/XSOAR, Tines).
  • Bonus: Background in reverse engineering or malware analysis.
  • Bonus: Security certifications such as GCIA, GCIH, GCDA, GCFA, OSCP, or Splunk Certified Engineer.
  • Bonus: Cloud security experience (AWS, Azure, or GCP).