Security Operations Engineer I

StubHub, Los Angeles, CA
$165,000 - $200,000, Hybrid

About The Position

The Security Operations team owns incident response, threat detection, SIEM engineering, log management, and third-party security risk, forming the frontline defense for StubHub's global operations. As a Security Operations Engineer you will bring deep hands-on experience in incident response and threat detection. You will help extend the existing tooling, automation, and detection infrastructure that enables the team to operate at scale. This is not a purely operational role; we are looking for an engineer who writes production-quality code to solve security problems, architects detection pipelines, and helps mature StubHub's SOC-less approach to Detection & Response. You will work closely with Cloud and Infrastructure Security, Identity Engineering, and cross-functional stakeholders. Your work will directly shape how StubHub detects, responds to, and learns from threats.

Requirements

  • 3+ years of experience in security engineering, security operations, or a related discipline
  • Demonstrated, hands-on experience leading incident response efforts, including complex, multi-system investigations
  • Strong threat detection engineering experience: writing detection rules, tuning alerts, building correlation logic, and reducing false positive rates at scale
  • Proficiency in at least one programming or scripting language (Python strongly preferred; Go, Ruby, or Bash also relevant) — you regularly write code to solve security problems, not just configure tools
  • Deep familiarity with SIEM platforms (e.g., Splunk, ELK, Chronicle, Panther, or similar) including query languages and data onboarding
  • Experience with cloud environments (AWS, GCP, or Azure) and the associated log sources, threat models, and detection strategies
  • Strong understanding of attacker tactics, techniques, and procedures (TTPs); experience mapping detections to MITRE ATT&CK
  • Excellent written and verbal communication skills; able to convey technical risk clearly to non-technical stakeholders

Nice To Haves

  • Experience operating in a SOC environment, either in-house or as part of an MSSP
  • Familiarity with SOAR platforms and automation-driven response workflows
  • Experience with threat intelligence platforms and operationalizing threat feeds into detection pipelines
  • Prior involvement in third-party or vendor security risk programs
  • Experience at high-growth technology companies or marketplaces where scale and velocity present unique security challenges
  • Familiarity with data engineering concepts — streaming pipelines, schema design, log normalization — applied to security contexts
  • Relevant certifications (GCIH, GCIA, GCFE, OSCP, or equivalent) are a plus, but not required

Responsibilities

  • Lead and coordinate security incident response end-to-end: detection, triage, containment, eradication, recovery, and post-incident review
  • Develop and maintain incident response playbooks
  • Drive root cause analysis and translate findings into durable improvements to detection and prevention capabilities
  • Act as an escalation point for complex or high-severity incidents across the organization
  • Design, build, and tune detection rules, event correlation logic, and behavioral analytics across cloud, endpoint, network, and application data sources
  • Assist in maintaining a threat model for StubHub's environment and mapping detection coverage to the MITRE ATT&CK framework
  • Proactively hunt for threats and indicators of compromise across the environment
  • Collaborate with red team and pen test partners to validate detection coverage and identify gaps
  • Continually improve SIEM capabilities including data ingestion pipelines, normalization, enrichment, and alerting workflows
  • Own log collection strategy: define what gets collected, at what fidelity, and for how long across cloud providers, SaaS applications, endpoints, and internal services
  • Write and maintain parsers, ETL pipelines, and data transformation logic to ensure high-quality signal in the SIEM
  • Own and operate security tooling where needed (SIEM, SOAR, EDR, etc.)
  • Write internal software in Python, Go, or similar to automate detection, response, enrichment, and reporting workflows
  • Build integrations between security tools, internal APIs, and third-party services to accelerate analyst workflows and reduce mean time to respond
  • Develop dashboards, metrics, and reporting to communicate operational health and coverage to security leadership
  • Contribute to shared security infrastructure and internal libraries used across the security engineering organization
  • Support the third-party security program by evaluating vendor security posture, reviewing assessments, and triaging risk findings
  • Build or maintain tooling to automate third-party risk intake, tracking, and reporting
  • Collaborate with Legal, Procurement, and Engineering to ensure third-party risks are identified and remediated appropriately

Benefits

  • Competitive base, equity, and upside
  • Unlimited Flex Time Off
  • 401k
  • Premium Health, Vision, and Dental Insurance options
  • Paid parental leave
© 2026 Teal Labs, Inc