Security Engineer – Visibility, Detection & Response (QB - SE - 20250113) at Celara | Torre
Security Engineer – Visibility, Detection & Response (QB - SE - 20250113)
Report
warning

Heads-up

The job you’re trying to post already exists in Torre:

Security Engineer – Visibility, Detection & Response (QB - SE - 20250113)

You'll define security visibility, transforming data into actionable intelligence across complex systems.
Emma highlights
This highlight was written by Emma’s AI. Ask Emma to edit it.
Full-time

Legal agreement: Employment

Provide your expected compensation while applying
location_on
Remote (anywhere)
Match
skeleton-gauges
You have opted out of job matches in .
To undo this, go to the 'Skills and Interests' section of your preferences.
Review preferences
Posted 6 months ago

Requirements and responsibilities


Job DescriptionWe build enterprise software that powers restaurant chains at scale. Our systems span cloud infrastructure, distributed platforms, on-premise components, and a growing product ecosystem that processes massive volumes of operational data. Security here is not about checkbox compliance or alert theater. It’s about knowing what’s happening in our systems early enough to matterWhat You'll OwnOwn Security Visibility Across the CompanyOwn our Sumo Logic SIEM end-to-end:CollectorsPipelinesDetectionsData qualityCost vs. value tradeoffsEnsure security telemetry exists across:Corporate systemsCloud infrastructurePlatform and product componentsThird-party vendorsBuild detections only after validating the underlying signal is trustworthy.This is not “just writing rules.” You are responsible for whether we can see things at all.Build Product & Platform Telemetry (Hard Problems)Our product generates hundreds of millions of events through APM and platform systems — most of which we cannot ingest directly today.You will:Identify what security-relevant signals should existWork with engineering to find or extract themDesign creative approaches when:Logs don’t existData volume is extremeNative tools don’t scaleBuild custom solutions when necessaryYou’re not expected to boil the ocean — you are expected to make smart tradeoffs.Improve Operational Awareness (Beyond Alerts)Not everything becomes an alert.You’ll help build visibility into things like:Patch and update status across platform componentsConfiguration driftRuntime state and exposure windowsChanges that materially increase riskMuch of this data exists today only in fragments. Your job is to aggregate, normalize, and make it useful.Turn External Threats into Internal ActionWe monitor:CVEsVendor advisoriesSecurity releasesDark-web activity relevant to us and our vendorsBut monitoring alone isn’t enough. You’ll:Quickly determine applicability to our environmentCorrelate external signals to internal assetsDrive investigations, detections, or remediationHelp shorten the gap between “this exists” and “we’ve responded”Lead Security Incident ResponseYou will be the default Incident Commander for security events. That means:Leading investigations end-to-endCoordinating across infrastructure, application, and systems teamsDriving clear decisions and communicationRunning post-incident reviews and forcing learnings back into the systemIf something happens and no one knows who’s in charge — that’s a failure this role owns.What You Bring3+ years in security engineering, detection engineering, or incident responseHands-on experience with SIEMs and large-scale log dataStrong understanding of cloud environments (especially AWS)Experience investigating across logs, identity, network, and applicationsAbility to build or automate solutions (Python, scripting, etc.)Strong communication skills — especially during incidentsExperience with product telemetry, data engineering, or platform security is a plus.
Optionally, you can add more information later (benefits, pre-screening questions, etc.)
check_circle

Payment confirmed

A member of the Torre team will contact you shortly

In the meantime, continue adding information to your job opening.