Cyber Security Specialist protecting digital estate from threats at the University of Edinburgh. Focused on identifying and mitigating cyber risks while supporting teaching and research services.
About the role
- Security Operations Lead overseeing global SOC operations and AI product integration at Replit. Leading monitoring and incident response across multi-cloud environments and AI workloads.
Responsibilities
- Lead, mentor, and scale a global SOC team responsible for 24/7 monitoring, alert intake, triage, correlation, and escalation.
- Build operational rigor: processes, runbooks, SLAs, metrics, and quality standards for high-scale environments.
- Cover monitoring across:
- - Cloud infrastructure (GCP, AWS, Azure)
- - Kubernetes/GKE/EKS/AKS clusters
- - SaaS platforms (Google Workspace, GitHub, Slack, Okta, etc.)
- - Endpoints (macOS, Linux, Windows) including EDR/XDR telemetry
- - Developer platforms + CI/CD pipelines
- - AI/ML systems and model-serving workflows
- Evaluate, adopt, and integrate AI-native SOC technologies for triaging, detection, and correlation.
- Identify opportunities to automate triage, investigations, enrichment, and reporting.
- Serve as the internal expert on the capabilities and limitations of AI-based SOC tooling.
- Own the entire SIEM ecosystem—ingestion, normalization, correlation, enrichment, tuning, dashboards, and metrics.
- Develop high-fidelity detections for:
- - Cloud-native attacks
- - Identity threats and lateral movement
- - SaaS misconfigurations and privilege abuse
- - Endpoint malware/behavior anomalies
- - Insider threats and account takeover patterns
- - Use MITRE ATT&CK, MITRE Cloud Matrix, and threat intel to drive detection coverage.
- Lead day-to-day triage and threat analysis activities, ensuring accurate categorization and prioritization.
- Drive complex investigations involving correlated events across cloud, SaaS, endpoints, and developer platforms.
- Guide root cause analysis and work with owners to drive remediation and architectural improvements.
- Communicate threats, gaps, and trends to leadership and engineering stakeholders.
- Partner with Cloud Security on cloud posture and preventative controls.
Requirements
- 7+ years of experience in Security Operations, with 3+ years in a senior or lead capacity.
- Experience leading or collaborating with 24/7 SOC environments (internal, hybrid, or MSSP).
- Strong experience with SIEM platforms (Chronicle, Splunk, Elastic, Sentinel, Panther, etc.).
- Deep understanding of:
- - Cloud security monitoring (GCP required; AWS/Azure preferred)
- - SaaS security monitoring (Okta, Google Workspace, GitHub, Slack, etc.)
- - Endpoint security telemetry (EDR/XDR tools such as CrowdStrike, SentinelOne, or Defender)
- - Kubernetes and container detection
- Hands-on detection engineering skills, event correlation, threat hunting, and log analysis.
- Familiarity with AI-based SOC platforms and LLM-driven detection/triage tools.
- Strong understanding of identity security, OAuth/OIDC, and API telemetry patterns.
- Experience with SOAR and scripting (Python, Go, Bash).
- Knowledge of MITRE ATT&CK, cloud kill chains, behavioral detections, and detection lifecycle management.
Benefits
- Competitive Salary & Equity
- 401(k) Program
- Health, Dental, Vision and Life Insurance
- Short Term and Long Term Disability
- Paid Parental, Medical, Caregiver Leave
- Commuter Benefits
- Monthly Wellness Stipend
- Autonoumous Work Environement
- In Office Set-Up Reimbursement
- Flexible Time Off (FTO) + Holidays
- Quarterly Team Gatherings
- In Office Amenities
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Cybersecurity Incident Response Analyst detecting and responding to cyber threats at NOV. Collaborating using AI tools to enhance cybersecurity operations across IT, cloud, and OT environments.
Lead Specialist in Security Operations, enhancing detection engineering and incident response at Pearson. Collaborate with teams and drive process improvements in a high - paced environment.
Security Engineer II at AvidXchange enhancing security operations and incident response. Collaborating with teams to develop, tune and improve security monitoring and automation capabilities.
Director leading security operations strategy and overseeing investigations at Ford Motor Company. Responsible for global investigations, crisis management, and team leadership.
Cloud Security Engineer at Artemys designing and maintaining secure Azure infrastructures, overseeing security monitoring and incident management.
Lead global Cyber Detect and Respond team at Assa Abloy, ensuring timely incident response and security compliance. Oversee operations while collaborating across IT and business functions for effective threat management.
Lead Cybersecurity Analyst responsible for technical leadership of a 24x7 SOC team at AT&T. Drive operational standards, incident response, and continuous improvement initiatives.
Security Engineer safeguarding AWS environments for Genesys Cloud mission. Handling advanced threats and collaborating with SecDev, PenTest, DevOps, and SRE teams.
Senior Security Operations Center Analyst protecting computer systems and data through investigation and incident response. Collaborating with IT leaders and mentoring junior analysts in security operations.