
Senior Security Engineer, Security Operations

GoodLeap
3.2(97)
👥1k-5k
Software Engineering
Remote
$146k - $170k
1 month ago
🤖 AI-First | 🛠️ Cursor-friendly | 💻 Open Source

Explicitly mentions vibe coding; role involves creating AI skills, agents and MCP clients.

About the Role

Senior Security Engineer focused on designing, building, and operating security and fraud monitoring, detection, and response capabilities across GoodLeap’s services and enterprise systems. The role partners with product, engineering, IT, and business teams to implement monitoring platforms, lead incident response, and harden security operations and tooling.

Job Description

Role

The Senior Security Engineer, Security Operations will design, build, and operate security and fraud monitoring, detection, and response capabilities across GoodLeap’s systems and services. This role partners closely with product, engineering, IT, and business teams to select and integrate security tooling, implement detection logic, run threat hunting and investigations, and lead incident response activities.

Key Responsibilities

  • Lead security and fraud monitoring, detection, and response activities including investigations and threat hunting.
  • Identify misuse and abuse cases, design event detection strategies across logs and systems, and implement monitoring/detection solutions.
  • Design, select, and operate the monitoring/detection/response platform (e.g., SIEM, SOAR, EDR) and associated integrations.
  • Create and maintain incident response playbooks; participate in and refine incident response execution.
  • Support embedded product security by implementing product-focused monitoring and detection solutions.
  • Contribute to and develop components of the security analytics platform; support vulnerability and tools management.
  • Engage with vendors in design partnerships and support cross-functional teams outside of security.

Requirements

  • Strong communicator with experience leading technical architecture discussions and conveying technical topics to non-technical audiences.
  • Expertise in security event management, monitoring, threat hunting, incident response, playbook creation, and automation/orchestration.
  • Experience with threat modeling methodologies.
  • Experience with EDR platforms such as CrowdStrike, S1, Palo Alto Cortex EDR, or similar solutions.
  • Experience with AWS services including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM; familiarity with GCP and/or Azure is a plus.
  • Practical experience with CI/CD pipelines and DevOps tools and IaC (Terraform, Pulumi, or CDK); experience with GitHub and GitHub Actions.
  • Familiarity with secrets management and artifact management; Doppler and HashiCorp Vault are mentioned.
  • Proficiency writing automation scripts in multiple languages and integrating with REST/GraphQL APIs to orchestrate workflows between security tooling and third-party cloud/SaaS platforms.
  • Experience designing and implementing monitoring/detection for enterprise systems (ERP, HCM, Salesforce).
  • Experience with penetration testing/red team exercises, vulnerability and threat management, and identity/authentication use cases.
  • Experience working with AI/ML based toolsets, including creation of AI skills, agents, MCP clients, and vibe coding.

Tools & Technologies (mentioned)

SIEM, SOAR, agentic SOC, EDR (CrowdStrike, S1, Palo Alto Cortex EDR), AWS (KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, IAM), GCP, Azure, ERP/HCM/Salesforce integrations, AI/ML toolsets and agents, MCP clients, Terraform, Pulumi, CDK, GitHub, GitHub Actions, Doppler, HashiCorp Vault, REST/GraphQL APIs.

Compensation & Other

The posting notes this role may be eligible for a bonus and equity. No base salary or salary range was provided.

Tech Stack

SIEM, SOAR, agentic SOC, EDR, CrowdStrike, S1, Palo Alto Cortex EDR, AWS, AWS KMS, SST, AWS Container Registry, AWS ELB, AWS Lambda, API Gateway, AWS CloudTrail, AWS IAM, GCP, Azure, ERP, HCM, Salesforce, AI/ML toolsets, AI agents, MCP clients, Terraform, Pulumi, CDK, GitHub, GitHub Actions, Doppler, HashiCorp Vault, REST APIs, GraphQL APIs

Skills

Security Operations, Incident Response, Threat Hunting, Security Monitoring, Threat Modeling, Playbook Creation, Automation and Orchestration, Technical Leadership, Communication, Vendor Management, Vulnerability Management, DevOps / CI/CD, Infrastructure-as-Code, Scripting, API Integration, Identity and Access Management, Penetration Testing / Red Teaming, Cross-functional Collaboration, Learning Agility

Experience Level

Senior

Employment Type

Full-time

Benefits

  • Bonus
  • Equity