Is the Security Engineer – Visibility, Detection & Response (QB - SE - 20250113) role at Celaralabs remote?

Yes, the Security Engineer – Visibility, Detection & Response (QB - SE - 20250113) role at Celaralabs is a remote position.

Security Engineer – Visibility, Detection & Response (QB - SE - 20250113)

CelaralabsRemote3d ago

We build enterprise software that powers restaurant chains at scale. Our systems span cloud infrastructure, distributed platforms, on-premise components, and a growing product ecosystem that processes massive volumes of operational data.

Security here is not about checkbox compliance or alert theater. It’s about knowing what’s happening in our systems early enough to matter

What You'll Own

Own Security Visibility Across the Company

Own our Sumo Logic SIEM end-to-end:

Collectors

Pipelines

Detections

Data quality

Cost vs. value tradeoffs

Ensure security telemetry exists across:

Corporate systems

Cloud infrastructure

Platform and product components

Third-party vendors

Build detections only after validating the underlying signal is trustworthy.

This is not “just writing rules.” You are responsible for whether we can see things at all.

Build Product & Platform Telemetry (Hard Problems)

Our product generates hundreds of millions of events through APM and platform systems — most of which we cannot ingest directly today.

You will:

Identify what security-relevant signals should exist

Work with engineering to find or extract them

Design creative approaches when:

Logs don’t exist

Data volume is extreme

Native tools don’t scale

Build custom solutions when necessary

You’re not expected to boil the ocean — you are expected to make smart tradeoffs.

Improve Operational Awareness (Beyond Alerts)

Not everything becomes an alert.

You’ll help build visibility into things like:

Patch and update status across platform components

Configuration drift

Runtime state and exposure windows

Changes that materially increase risk

Much of this data exists today only in fragments. Your job is to aggregate, normalize, and make it useful.

Turn External Threats into Internal Action

We monitor:

CVEs

Vendor advisories

Security releases

Dark-web activity relevant to us and our vendors

But monitoring alone isn’t enough. You’ll:

Quickly determine applicability to our environment

Correlate external signals to internal assets

Drive investigations, detections, or remediation

Help shorten the gap between “this exists” and “we’ve responded”

Lead Security Incident Response

You will be the default Incident Commander for security events. That means:

Leading investigations end-to-end

Coordinating across infrastructure, application, and systems teams

Driving clear decisions and communication

Running post-incident reviews and forcing learnings back into the system

If something happens and no one knows who’s in charge — that’s a failure this role owns.

What You Bring

3+ years in security engineering, detection engineering, or incident response

Hands-on experience with SIEMs and large-scale log data

Strong understanding of cloud environments (especially AWS)

Experience investigating across logs, identity, network, and applications

Ability to build or automate solutions (Python, scripting, etc.)

Strong communication skills — especially during incidents

Experience with product telemetry, data engineering, or platform security is a plus.