Senior Security Operations Engineer

About UsAt Resilience, we’re creating a new category that integrates cybersecurity, cyber insurance, and cyber risk management.
Founded in 2016 by experts from across the highest tiers of the US military and intelligence communities – and built by prominent leaders and innovators from the insurance, technology, and cybersecurity industries – Resilience is rewriting the rules of how cyber risk is assessed, measured, and managed. Our integrated cyber risk solutions connect risk quantification software, cybersecurity experts, and A+ rated cyber insurance, all purpose-built for middle and large organizations. 
Guided strongly by our mission and four core values - transparency, excellence, grit, and humility, our culture uniquely blends many different backgrounds, experiences, and skills from across industries and geographies - all focused on helping our clients and partners stay ahead of the bad guys. We are a cybersecurity company, a Cyber and Tech E&O-focused MGA, a fintech startup, and a data science powerhouse, all purposefully built into one. 
Resilience is proud to be backed by leading technology investment firms, including General Catalyst, Lightspeed Venture Partners, Intact Ventures, Founders Fund, CRV, and Shield Capital. With headquarters in San Francisco, Resilience’s team is globally dispersed, with offices in New York, Chicago, Baltimore, Los Angeles, Toronto, and London. Resilience offers insurance coverage through its licensed and appointed insurance agents and security services through its expert security team.  
Resilience is seeking an extraordinary Senior Security Operations Engineer.  This position is part of the Information Security team which defends Resilience’s endpoints and its SaaS platform.  Ideal candidates will have experience with security operations, associated automation technologies, public cloud, and SIEM. 
Your role will primarily focus on enabling the Director of Security Operations to automate and scale Resilience’s security workflows.  This will entail managing SIEM ingestion, cataloguing and refining detections, response automation, SOAR playbook development, and technical documentation.  It will also involve working with partner teams such as Information Technology, Engineering, DevOps, the Risk Operations Center, and Business Operations to ensure outputs from security operations are timely and actionable.  As the program scales, it will increasingly involve the enablement and automation of Threat Hunting, GRC, and Security Architecture workflows.

Responsibilities:

• Develop dashboards, automations, and SOAR playbooks to triage security alerts.
• Serve as a system owner and subject matter expert for the SIEM. 
• Manage the ingestion of appropriate logging into the SIEM.
• Participate in the alert review process to identify tuning and automation opportunities.
• Refine inbound and outbound logging and tasking workflows with teams such as IT, DevOps, Threat Intelligence, Risk Operations Center, and Business Operations.
• Maintain written documentation for security logging ingest and automation which can be communicated and shared with partner teams that need to implement them.
• Participate in security architecture and integration reviews, as required.
• Participate in security investigations when required.
• Integrate security and business intelligence tools into detection, response, and GRC workflows and tooling.

Qualifications:

• A desire and ability to work in a highly skilled, cross-functional, and growing team, including learning new technologies where required.
• Bachelor's degree or higher, or equivalent work experience of 5-10 years. 
• Intermediate or better knowledge of scripting languages like Python and Bash as it relates to automation and knowledge of log formats, parsing, and collection.
• Experience maintaining or being a power user of a SIEM.  Experience with SumoLogic is preferred but other leading platforms are a plus.
• Strong writing and communications skills to both business and technical stakeholders.
• Experience with Endpoint Detection and Response (EDR) such as Crowdstrike. 
• Experience with Amazon Web Services and other public clouds.
• Experience securely integrating systems via APIs via both “off-the-shelf” integrations exist and writing custom ones when required.
• Experience with SOAR playbook development is highly desirable.
• A desire and ability to work in a highly skilled, cross-functional, and growing team, including learning new technologies where required.
• Experience working in a Security Operations Center (SOC) is highly desirable.
• Certifications relevant to Security Operations, Automation, and Digital Forensics are desirable but not required.  Ex. GPYC, GCFR, GEIR, AWS Certified Security - Specialty.

What Resilience Offers YouInnovative company cultureFlexible work schedulesFamily paid leavePaid healthcare for employees401kProfessional development & career advancementsFlexible paid time offEmployee referral bonus
Accommodations and AccessibilityWe want to ensure you're able to perform as well as possible in your interview. As part of that, if you have any accessibility-related needs to ensure a comfortable visit, please let us know. We'll do our best to provide reasonable accommodations to suit your working style during your interview and if you join our team.
If you require a reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to our Human Resources team at recruiter@arceo.ai.
Beware of Job ScamsResilience is excited to welcome talented individuals to explore career opportunities with us. However, we urge you to stay vigilant against recruitment scams where fraudsters may impersonate our company. We will never ask for payments, conduct interviews via chat rooms, or contact candidates from personal email accounts. All job applications must be submitted through our official platform at lever.co, and interviews will only take place via approved Resilience accounts. If you receive suspicious outreach or have concerns, please contact us directly at recruiter@arceo.ai to verify authenticity. Thank you for helping us maintain a safe and secure recruitment process.