Security Platform Engineer

Overview

🔐
Security Platform Engineer (Detection Engineering & SOC Buildout)

Hybrid | Rockville or Tysons (3 days onsite)

Splunk ES | Splunk SOAR | Detection Engineering | Regular Shift #TS-9035

• Our client, an AWS partnered analytics organization, owns the world’s largest financial data store and runs continuous analytics on global stock data movement with the goal of being ahead of potential bad actors in the market. Highlights:
• We own the world’s largest financial store (37 petabytes and growing) and look at 155+ billion financial transactions daily— more than Twitter, Visa®, Pay Pal and Facebook combined.
• Leading Innovator in Machine Learning/AI, Big Data, AWS, trading algorithms
• AWS- select Partner: forging one of the biggest and most unique partnerships formed with AWS.
• Deep culture of internal upskilling
• Named 2020 #1 best place to work for US organizations with up to 5k employees

So, this engineer will help build the engineering part of the SOC

Must have’s:

• Has been part of a good SOC and can use their experience/ provide guidance on how to build/improve SOC from an engineering perspective
• Detection Engineering
• Splunk Enterprise (Splunk ES) and Splunk SOAR (this is ideal; can be trained)

We are building the engineering foundation of a modern, enterprise SOC and are looking for a Security Platform Engineer who has seen a good SOC done right and can help us design, mature, and scale ours.

Important: This is NOT a SOC analyst role
.

You will not be monitoring alerts or working shifts. This is a regular business-hours engineering role focused on detection engineering, automation, and SOC platform design
.

🧠
The Opportunity

We’ve established an internal SOC and core enterprise security tooling. Now we need an experienced engineer to help define:

• What a mature SOC should look like
• How detection engineering and automation should be built
• How Splunk ES and SOAR should be designed, tuned, and scaled

You’ll bring real-world SOC experience and help build the engineering side of the SOC
, enabling analysts to be effective through better detections, automation, and platform design.

🔍
What You’ll Do

Detection Engineering

• Design and implement high-quality detection use cases aligned to MITRE ATT&CK
• Build, tune, and maintain correlation searches, alerts, dashboards, and ES content in Splunk Enterprise Security
• Perform detection coverage gap analysis and define a roadmap to improve visibility
• Implement Risk-Based Alerting (RBA) to reduce noise and improve signal quality
• Develop detections across on-prem and multi-cloud environments (AWS, Azure, GCP)

Security Automation & Orchestration

• Design and build automated response playbooks using Splunk SOAR
• Integrate security tools to enable automated investigation and response workflows
• Develop scripts and automation using Python, Power Shell, or Bash
• Build reusable automation frameworks that scale across use cases

SOC Architecture & Engineering Vision

• Help define what “good” looks like for a mature SOC from an engineering perspective
• Identify gaps in the current SOC platform and provide clear technical guidance to improve it
• Establish standards, best practices, and frameworks for detection engineering and automation
• Mentor internal engineers on SOC engineering concepts and approaches
• Contribute to long-term SOC platform and capability strategy
• Partner with SOC analysts to understand investigation workflows and improve detections
• Work with threat intelligence and threat hunting teams to operationalize research
• Collaborate with platform engineering on infrastructure and reliability
• Document detection logic, playbooks, and platform architecture

✅
Must-Have Qualifications

• 5+ years of experience in a SOC environment
  , with exposure to mature SOC operations
• Hands-on experience with Splunk Enterprise Security (ES)
• Experience designing or contributing to SOC platforms and detection programs
• Strong understanding of MITRE ATT&CK
• Ability to provide technical guidance on how to build and improve a SOC

⭐
Preferred / Nice to Have

• Hands-on experience with Splunk SOAR (Phantom) (training can be provided)
• Risk-Based Alerting (RBA) implementation experience
• Threat hunting background applied to detection engineering
• Cloud security monitoring experience (AWS, Azure, GCP)
• Splunk UEBA or behavioral analytics exposure
• Experience mentoring or leading detection engineering efforts
• Relevant certifications (GIAC, CISSP, or similar)
• Reports to the Director of Security Platform Engineering
• Senior individual contributor role with clear growth into a technical lead position
• Opportunity to shape SOC engineering standards and build a best-in-class detection program

🌟
Why This Role

• Build—not babysit—a SOC
• No alert queue, no shift work
• Work with industry-leading security platforms
• Shape the future of enterprise security operations