logo inner

Senior Security Operations Engineer

CriblUnited KingdomRemote

Cribl does differently. 
What does that mean? It means we are a serious company that doesn’t take itself too seriously; and we’re looking for people who love to get stuff done, and laugh a bit along the way. We’re growing rapidly - looking for collaborative, curious, and motivated team members who are passionate about putting customers first. As a remote-first company we believe in empowering our employees to do their best work, wherever they are. As the data engine for IT and Security many of the biggest names in the most demanding industries trust Cribl to solve their most pressing data needs.

Ready to do the best work of your career? Join the herd and unlock your opportunity.

Why You’ll Love This Role


The Senior Security Operations Engineer will be a pivotal member of Cribl’s Information Security team, primarily responsible for strengthening our security posture through robust security operations and advanced threat detection. You will lead security incident management, triage, and investigations, and be instrumental in developing innovative solutions to remediate current threats and proactively prevent future attacks. A key aspect of this role will be designing, implementing, and optimizing detection logic to identify sophisticated threats across our environment.

You will partner closely with Product Security, IT, and Legal teams, and report to the Chief Information Security Officer.

As An Active Member Of Our Team, You Will...


  • Knowledge of, and experience in, working with modern security principles e.g. security data lakes, detections as code, EDR, zero trust networking, and other security tooling, as well as demonstrated experience with incident response and management.
  • Proven experience in developing, deploying, and maintaining detection rules (e.g., Sigma, YARA, Splunk SPL, KQL) across various security platforms.
  • Strong understanding of common attack frameworks (e.g., MITRE ATT&CK) and how to map detections to TTPs
  • Understanding of authentication and authorization schemes such as SAML, OpenID, OAuth2, and SCIM
  • Experience scripting/coding in at least one of the following languages: Python, NodeJS, Ruby, Bash
  • Be the go-to technical subject matter expert on security, compliance, and assurance topics
  • Excellent communication skills and ability to communicate ideas to technical and non-technical audiences
  • Comfortable with ambiguity, have a strong analytical acumen, self-motivated, able to work cross functionally

If You’ve Got It - We Want It


  • Monitoring security events and alerting via our security tooling including MSSP, SIEM, AI, and CSPM tooling to identify and triage potential threats
  • Developing, implementing, and maintaining high-fidelity detection rules and alerts within SIEM and other security platforms (e.g., EDR, Cloud Security tools) based on threat intelligence, MITRE ATT&CK framework, and identified risks
  • Conducting continuous tuning and optimization of existing detection logic to reduce false positives and improve detection efficacy
  • Responding to issues identified by our Cribl employees
  • Acting as a security incident response lead, including leveraging and improving detection capabilities during investigations
  • Building, enhancing, and managing security playbooks, incorporating detection engineering best practices
  • Conducting security assessments of corporate assets through vulnerability testing and threat hunts, and purple team activities, with a focus on identifying detection gaps and opportunities
  • Performing both internal and external security reviews of corporate properties e.g. the corporate website and enterprise applications
  • Leading security incident response tabletop exercises
  • Continuing to evolve and champion the use of Cribl products in our security tech stack to enhance detection, analysis, and response capabilities
  • Collaborating with threat intelligence teams to integrate new indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) into detection strategies
  • Experience with SIEM platforms like Panther is a plus and its detection capabilities
  • Familiarity with Wiz and cloud native security tooling for detection in AWS, Azure, or GCP
  • Relevant certifications in cloud security or incident response (e.g., SANS GIAC certifications)

#LI-LK1#LI-Remote

Bring Your Whole Self


Diversity drives innovation, enables better decisions to support our customers, and inspires change for the better. We’re building a culture where differences are valued and welcomed, and we work together to bring out the best in each other. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.Interested in joining the Cribl herd? Learn more about the smartest, funniest, most passionate goats you’ll ever meet at cribl.io/about-us. 

Life at Cribl

Cribl is a company built to solve customer challenges and enable customer choice. Its solutions deliver innovative and customizable controls to route security and machine data where it has the most value. We call this an observability pipeline, and it helps slash costs, improve performance, and get the right data, to the right destinations, in the right formats, at the right time. Join the dozens of early adopters, including market leaders such as TransUnion and Autodesk, to take control and shape your data. Founded in 2017, Cribl is headquartered in San Francisco, CA.
Thrive Here & What We Value- Remotefirst company- Fastgrowing- Missiondriven- Serious but not too serious- Emphasis on doing good for customers and communities- Collaborative team committed to high quality software- Deployed in large organizations, managed by experienced teams- Trustworthy Data Engine for IT and Security- Embracing Differences and Valuing Them- Building a culture where differences are welcomited and encouraged
View more
Your tracker settings

We use cookies and similar methods to recognize visitors and remember their preferences. We also use them to measure ad campaign effectiveness, target ads and analyze site traffic. To learn more about these methods, including how to disable them, view our Cookie Policy or Privacy Policy.

By tapping `Accept`, you consent to the use of these methods by us and third parties. You can always change your tracker preferences by visiting our Cookie Policy.

logo innerThatStartupJob
Discover the best startup and their job positions, all in one place.
Quick SearchSearch JobsSearch Remote Jobs hiring WorldwideSearch Remote Jobs in the USSearch Jobs in IndiaSearch Remote Jobs in UKSearch by Title
AreaCaliforniaMassachusettsNew YorkTexasVirginiaWashington D.C.View all
Popular SubRemote JobsWeb3 JobsiOS Developer JobsFront End Developer Remote JobsComputational Geometry JobsCannabis CareersView all
CompanyAbout UsContact usBlogCreditsCareersPrivacy PolicyCookie Policy
Copyright © 2025