Our Opportunity:
Snyk is seeking an experienced Staff Security Engineer to join our Enterprise Security team. In this cross-functional, advanced role, you will serve as the primary support for our Security Operations Center (SOC) and SIEM infrastructure, moving beyond day-to-day alert triage to architect and scale our detection and response capabilities across the organization. You will be responsible for defining the strategic roadmap for our SIEM and SOAR platforms, developing sophisticated detection content, and creating automated response playbooks to neutralize complex threats.
This position requires deep technical expertise to mentor senior analysts, lead high-stakes incident response efforts, and drive the continuous improvement of our security posture.
You’ll Spend Your Time:
Architect and manage the SIEM platform, overseeing log source integration, data parsing, and system health to ensure optimal performance and visibility.
Help with incident response efforts, coordinating technical analysis, containment strategies, and communication during critical security events.
Develop and fine-tune advanced detection logic, correlation rules, and threat analytics to identify sophisticated attacker techniques (TTPs).
Mentor and technically enable senior and junior SOC analysts, acting as an escalation point for complex investigations and upleveling the team's skills.
Design and implement automation playbooks using SOAR (Security Orchestration, Automation, and Response) tools to streamline investigations and accelerate response times.
Proactively hunt for threats by developing hypotheses, querying large datasets, and analyzing attacker behavior that evades standard detections.
Define and report on key SOC metrics (e.g., MTTD, MTTR) to leadership, translating technical data into business risk and driving strategic improvements.
Evaluate and integrate new security technologies, threat intelligence feeds, and data sources to continuously mature the organization's detection and response capabilities.
What You’ll Need:
Expert-level SIEM knowledge (e.g., Splunk, Elastic, Microsoft Sentinel, Panther), including data model optimization, advanced query languages (SPL, KQL), and creating complex correlation rules.
Deep understanding of the MITRE ATT&CK Framework and the ability to map adversary techniques (TTPs) to specific detection logic and security controls.
Proficiency in SOAR platforms (e.g., Cortex XSOAR, Splunk SOAR) and scripting (Python, PowerShell) to build and maintain robust automation playbooks.
Threat hunting experience, including developing hypotheses, analyzing anomalous behavior, and pivoting through large datasets without a starting alert.
Ability to operationalize threat intelligence by integrating feeds and identifying relevant indicators (IoCs) and behaviors to enhance detection.
Demonstrated experience in technical mentorship, with the ability to review and improve the work of senior analysts and level up the team's capabilities.
Strong understanding of cloud security monitoring (AWS, Azure, GCP), including logging services (CloudTrail, Azure Monitor) and cloud-native security tools.
Excellent communication and documentation skills to report on metrics and help with the creation of detailed IR and SOC procedures.
Knowledge of host-based analysis on macOS and Linux operating systems.
Experience evaluating and deploying cybersecurity solutions in a public cloud environment (IaaS, PaaS, SaaS).
Bachelor’s degree in computer science, information security, or information technology (or equivalent practical experience).
Relevant information security certifications are highly desired. Examples include, but are not limited to:
CISSP (Certified Information Systems Security Professional)
AWS Certified Security - Specialty
Google Cloud Certified - Professional Cloud Security Engineer
GMON (GIAC Continuous Monitoring Certification)
GCIH (GIAC Certified Incident Handler)
GCDA (GIAC Certified Detection Analyst)
GCFA (GIAC Certified Forensic Analyst)
OSCP (Offensive Security Certified Professional)
OSEP (Offensive Security Experienced Penetration Tester)
We’d be Lucky if You:
Have worked within the DevSecOps or AI Industry.
We care deeply about the warm, inclusive environment we’ve created and we value diversity – we welcome applications from those typically underrepresented in tech. If you like the sound of this role but are not totally sure whether you’re the right person, do apply anyway!
About Snyk
Snyk is committed to creating an inclusive and engaging environment where our employees can thrive as we rally behind our common mission to make the digital world a safer place. From Snyk employee resource groups, to global benefits that help our employees prioritize their health, wellness, financial security, and a work/life blend, we aim to support our employees along their entire journeys here at Snyk.
Benefits & Programs
- Prioritize health, wellness, financial security, and life balance with programs tailored to your location and role.
- Flexible working hours, work-from-home allowances, in-office perks, and time off for learning and self-development
- Generous vacation and wellness time off, country-specific holidays, and 100% paid parental leave for all caregivers
- Health benefits, employee assistance plans, and annual wellness allowance
- Country-specific life insurance, disability benefits, and retirement/pension programs, plus mobile phone and education allowances
What We Do
Snyk, the leader in secure AI software development, empowers organizations to build fast and stay secure by unleashing developer productivity and reducing business risk. The company’s AI Trust Platform seamlessly integrates into developer and security workflows to accelerate secure software delivery in the AI Era. Snyk delivers trusted, actionable insights and automated remediation, enabling modern organizations to innovate without limits. Snyk is redefining secure AI-driven software delivery for over 4,500 customers worldwide today.
Why Work With Us
Every team member at Snyk contributes to our vision for a more secure digital world. No matter where we are in the world, we operate as one team and work together to shape the future of application security. We take immense pride in the diversity of our people, cultures, and experiences.
Snyk Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.















