Security Engineer

Snyk is the leader in secure AI software development, helping millions of developers develop fast and stay secure as AI transforms how software is built. Our AI-native Developer Security Platform integrates seamlessly into development and security workflows, making it easy to find, fix, and prevent vulnerabilities - from code and dependencies to containers and cloud.

Our mission is to empower every developer to innovate securely in the AI era - boosting productivity while reducing business risk. We're not your average security company - we build Snyk on One Team, Care Deeply, Customer Centric, and Forward Thinking.

It's how we stay driven, supportive, and always one step ahead as AI reshapes our world.

Snyk is seeking an experienced Staff Security Engineer to join our Enterprise Security team. In this cross‑functional role, you will serve as the primary support for our Security Operations Center (SOC) and SIEM infrastructure. In this advanced role, you will move beyond day‑to‑day alert triage to architect and scale our detection and response capabilities across the organization. You will be responsible for defining the strategic roadmap for our SIEM and SOAR platforms, developing sophisticated detection content, and creating automated response playbooks to neutralize complex threats.

This position requires deep technical expertise to mentor senior analysts, lead high‑stakes incident response efforts, and drive the continuous improvement of our security posture.

• Architect and manage the SIEM platform, overseeing log source integration, data parsing, and system health to ensure optimal performance and visibility.
• Help with incident response efforts, coordinating technical analysis, containment strategies, and communication during critical security events.
• Develop and fine‑tune advanced detection logic, correlation rules, and threat analytics to identify sophisticated attacker techniques (TTPs).
• Mentor and technically enable senior and junior SOC analysts, acting as an escalation point for complex investigations and up leveling the team's skills.
• Design and implement automation playbooks using SOAR (Security Orchestration, Automation, and Response) tools to streamline investigations and accelerate response times.
• Proactively hunt for threats by developing hypotheses, querying large datasets, and analyzing attacker behavior that evades standard detections.
• Define and report on key SOC metrics (e.g., MTTD, MTTR) to leadership, translating technical data into business risk and driving strategic improvements.
• Evaluate and integrate new security technologies, threat intelligence feeds, and data sources to continuously mature the organization's detection and response capabilities.

• Expert‑level SIEM knowledge (e.g., Splunk, Elastic, Microsoft Sentinel, Panther), including data model optimization, advanced query languages (SPL, KQL), and creating complex correlation rules.
• Deep understanding of the MITRE ATT&CK Framework and the ability to map adversary techniques (TTPs) to specific detection logic and security controls.
• Proficiency in SOAR platforms (e.g., Cortex XSOAR, Splunk SOAR) and scripting (Python, Power Shell) to build and maintain robust automation playbooks.
• Threat hunting experience, including developing hypotheses, analyzing anomalous behavior, and pivoting through large datasets without a starting alert.
• Ability to operationalize threat intelligence, integrating feeds, and identifying relevant indicators (IoCs) and behaviors to enhance detection.
• Demonstrated experience in technical mentorship, with the ability to review and improve the work of senior analysts and level up the team's capabilities.
• Strong understanding of cloud security monitoring (AWS, Azure, GCP), including logging services (Cloud Trail, Azure Monitor) and cloud‑native security tools.
• Excellent communication and documentation skills to report on metrics and help with the creation of detailed IR and SOC procedures.
• Knowledge of host‑based analysis on Mac OS and Linux operating systems.
• Experience evaluating and deploying cybersecurity solutions in a public cloud environment (IaaS,…