Our company builds enterprise software that powers restaurant chains at scale. Our systems span cloud infrastructure, distributed platforms, on-premise components, and a product ecosystem that processes massive volumes of operational data.
We don't have a perfect view of our environment today. Some signals exist but aren't being used. Some don't exist yet. Your job is to change that.
We want to know what's happening across our organization — from dark web signals and external threats, to corporate systems, cloud infrastructure, user behavior, application errors, and product anomalies. Today, no one owns that picture end-to-end. You will.
This is not a SOC analyst role. You won't be triaging a ticket queue or watching dashboards someone else built. You'll be building the visibility layer from the ground up and briefing us on what matters.
What You'll Do
Own our threat awareness across every surface
- Collect, monitor, filter, enrich, and relay external signals: dark web, threat feeds, CVEs, vendor advisories
- Track what's happening inside: corporate systems, cloud infrastructure, IdP, messaging and communication, endpoints, and application behavior
- Be the first to know when something looks wrong — and be able to explain it clearly
- Build a library of business cases for visibility and monitoring, then implement them

Start with Sumo Logic, grow into Elastic
- Take ownership of our Sumo Logic SIEM: collectors, pipelines, data quality, and detection logic
- Work toward integrating our Elastic/APM stack to extend visibility into product and platform behavior
- Tune signal over noise — don't just ingest everything, make what we have trustworthy

Build solutions where they don't exist
- Extract security-relevant data from sources that weren't designed to provide it
- Write scripts, build pipelines, and create custom solutions when tools don't cover the gap
- Show daily progress — small improvements compound

Make visibility actionable
- Brief leadership regularly on attack surface, unusual activity, and emerging threats
- Translate technical signals into clear, decision-ready information
- Identify problems early enough that we can act, not just react
What You Bring
- 3+ years in security engineering, detection engineering, or a hands-on security operations role
- Experience owning a SIEM end-to-end — not just using one
- Comfort with AWS environments and a variety of log sources, from cloud to apps to hosts
- Ability to develop automation, scripts, and tooling (Python, Bash, or similar)
- Strong instincts for what matters — you know the difference between noise and signal
- Clear communicator who can brief a non-technical audience on threat posture

Nice to have:
- Experience with Sumo Logic or Elastic Stack
- Familiarity with threat intelligence sources, dark web monitoring, or OSINT
- Exposure to product/application telemetry and APM tooling