Senior CSIRT Engingeer

Vultr

$110K — $130K *
US-AnywhereRemote in United States
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years in detection engineering or a related role
  • Hands-on experience with SIEM rule authoring and platform administration
  • Proficient in developing SOAR workflows and automated responses
  • Experience with EDR platforms and policy configurations
  • Solid scripting skills in PowerShell, Bash, Python, and query languages
  • Background in conducting investigations and threat hunting
  • Understanding of MITRE ATT&CK for attack techniques and detection logic

Responsibilities

  • Engineer and maintain detection rules in SIEM and EDR platforms
  • Administer and optimize SIEM platform, including log source onboarding
  • Design and implement SOAR automation workflows for incident triage
  • Develop integrations between various security tools
  • Map detection coverage to MITRE ATT&CK to close gaps
  • Identify improvements for security visibility and telemetry
  • Support incident response with investigation and containment efforts

Benefits

  • Flexible work environment
  • Opportunity for professional development
  • Access to advanced security tools and technologies
  • Collaboration with a skilled team of security professionals
  • Participation in challenging and impactful security projects
Full Job Description
Join Vultr

The Vultr CSIRT (Computer Security Incident Response Team) is looking for a Senior CSIRT Engineer to join our team, reporting to the Senior Manager of Incident Response. In this role, you will own the SIEM and EDR platforms by administering, optimizing, and building detection content. You will design and implement automation workflows using SOAR and develop integrations across our security tooling stack. You will also work alongside CSIRT Analysts to investigate security events, conduct threat hunts, and support incident response.

Key Responsibilities
  • Engineer, tune, and maintain detection rules and analytics in the SIEM and EDR platforms
  • Administer SIEM platform health, parser configuration, log source onboarding, and data pipeline optimization.
  • Design and build SOAR playbooks and automated response workflows to streamline triage, enrichment, and containment.
  • Develop and maintain integrations between security tools (SIEM, EDR, SOAR, SEG, TIP, DLP, ticketing)
  • Map detection coverage to MITRE ATT&CK to identify and close gaps
  • Identify and drive improvements to security visibility across the environment, including new log sources, enrichment opportunities, and telemetry gaps
  • Assist with investigation of security events, from alert through remediation
  • Assist with conducting threat hunts across organizational telemetry
  • Assist incident response with log analysis, artifact collection, and containment
  • Manage EDR platform coverage, sensor health, and policy configuration
  • Coordinate with Threat Intelligence to translate intel into deployed, actionable detection logic
  • Coordinate with Security Engineering on infrastructure integrations and log pipeline architecture
  • Document detection logic, automation workflows, and operational procedures


Qualifications
  • Minimum of 5 years experience in detection engineering, SIEM engineering, SOAR engineering, Security Operations, or a closely related role
  • Hands-on SIEM experience at an engineering level: rule authoring, parser development, log source integration, platform administration.
  • Experience building SOAR workflows and automated response playbooks.
  • Experience with EDR platforms, including policy configuration, telemetry analysis, and live response.
  • Demonstrated proficiency in PowerShell, Bash, Python, common Query Languages (FQL, KQL, EQL, LEQL, MQL, etc) and YARA, SIGMA, and CAPA rules.
  • Experience conducting security investigations, threat hunting, and incident response
  • Solid understanding of attack techniques and detection logic mapped to MITRE ATT&CK
  • Proficiency with Linux, MacOS, and Windows.


Nice to Have
  • Experience with cloud infrastructure environments
  • Familiarity with data loss prevention concepts and insider threat detection patterns
  • Certifications such as BTL1, BTL2, CCD, CCSP, CKA, CKS, CJDE, CISSP, GCDA, GCED, GCFA, GCIH, GCIA, GCTD, GNFA, etc.
  • Experience in SOC2, ISO 27001, FedRAMP, or GDPR environments.

Compensation

$110,000 - $130,000

Final compensation will vary depending on years of experience, background/skill set, location, and applicable laws.

Similar Jobs

More Jobs at Vultr

More Information Technology Jobs

Find similar Senior CSIRT Engingeer jobs: