Senior Cyber Security Operations Center Specialist

Employee Applicant Privacy Notice

Who we are:

Shape a brighter financial future with us.

Together with our members, we’re changing the way people think about and interact with personal finance.

We’re a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront. We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world.

The Role

We are seeking an experienced Senior Cyber Security Operations Center Specialist to join our growing Security Operations Center (SOC) and help strengthen SoFi's cybersecurity posture. This position will report to the Director of the Security Operations Center and will collaborate closely with Product Security, Tools, Automation and Operations, and Engineering teams.

The Security Operations Center (SOC) team is responsible for detecting, analyzing, and responding to threats against SoFi's infrastructure and assets. As a Senior Cyber Security Operations Center Specialist, you will lead incident handing efforts, perform advanced threat hunting, and conduct offensive security operations to proactively identify vulnerabilities and strengthen our defensive capabilities by simulating real-world attack scenarios.

In this role, you will be at the forefront of SoFi's security operations, protecting our organization by investigating, containing, remediating, and documenting security incidents while continuously improving our detection and response capabilities through both defensive measures and offensive security testing.

What you’ll do:

• Lead security incident investigations, including triage, containment, eradication, and recovery phases
• Conduct proactive threat hunting to identify potential security gaps and adversary activities
• Perform blue team defensive operations while leveraging red team offensive security knowledge to anticipate attack vectors
• Plan and execute red team operations to test security controls and identify vulnerabilities
• Develop and enhance detection rules and correlation logic to identify sophisticated threats
• Execute Digital Forensics and Incident Response (DFIR) activities during security incidents
• Create and maintain incident response playbooks and procedures
• Participate in on-call rotation for critical security incidents
• Mentor junior analysts and contribute to the team's professional development
• Collaborate with cross-functional teams to improve security posture and response capabilities

What you’ll need:

• 5+ years of experience in cybersecurity with focus on SOC operations and incident response
• Experience with cloud security monitoring and incident response in AWS, Azure, or GCP environments
• Strong background in threat hunting methodologies and techniques
• Expertise in DFIR processes, tools, and techniques (e.g., Digital Forensics, eDiscovery, Internal Investigations)
• Experience leading incident response activities and coordinating cross-functional response teams
• Proficiency with SIEM platforms, EDR solutions, and security orchestration tools
• Strong background in data collection and log analysis techniques
• Knowledge of common attack frameworks (MITRE ATT&CK) and threat intelligence sources
• Strong communication skills and ability to explain technical concepts to various audiences
• Excellent analytical and problem-solving skills with attention to detail

Nice to have:

• Demonstrated experience in both blue team (defensive) and red team (offensive) security operations
• Experience planning and executing offensive security operations and adversary emulation
• Participation in security competitions, CTFs, or bug bounty programs
• Familiarity with containerization technologies (Docker, Kubernetes) and their security implications
• Relevant certifications (e.g., SANS GIAC, CISSP, OSCP)

Compensation and Benefits The base pay range for this role is listed below. Final base pay offer will be determined based on individual factors such as the candidate’s experience, skills, and location.    To view all of our comprehensive and competitive benefits, visit our Benefits at SoFi page!

SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.

The Company hires the best qualified candidate for the job, without regard to protected characteristics.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

New York applicants: Notice of Employee Rights

SoFi is committed to embracing diversity. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email accommodations@sofi.com.

Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.

Internal Employees If you are a current employee, do not apply here - please navigate to our Internal Job Board in Greenhouse to apply to our open roles.