
Security Engineer – Detection & Visibility (QB - SE - 20260306)
Celara • Remote
No Relocation
Posted: March 6, 2026
Job Description
Our company builds enterprise software that powers restaurant chains at scale. Our systems span cloud infrastructure, distributed platforms, on-premise components, and a product ecosystem that processes massive volumes of operational data.

We don't have a perfect view of our environment today. Some signals exist but aren't being used. Some don't exist yet. Your job is to change that. We want to know what's happening across our organization — from dark web signals and external threats, to corporate systems, cloud infrastructure, user behavior, application errors, and product anomalies. Today, no one owns that picture end-to-end. You will.

This is not a SOC analyst role. You won't be triaging a ticket queue or watching dashboards someone else built. You'll be building the visibility layer from the ground up and briefing us on what matters.
What You'll Do
- Own our threat awareness across every surface
  - Collect, monitor, filter, enrich, and relay external signals: dark web, threat feeds, CVEs, vendor advisories
  - Track what's happening inside: corporate systems, cloud infrastructure, IdP, messaging and communication, endpoints, and application behavior
  - Be the first to know when something looks wrong — and be able to explain it clearly
  - Build a library of business cases for visibility and monitoring, then implement them
- Start with Sumo Logic, grow into Elastic
  - Take ownership of our Sumo Logic SIEM: collectors, pipelines, data quality, and detection logic
  - Work toward integrating our Elastic/APM stack to extend visibility into product and platform behavior
  - Tune signal over noise — don't just ingest everything, make what we have trustworthy
- Build solutions where they don't exist
  - Extract security-relevant data from sources that weren't designed to provide it
  - Write scripts, build pipelines, and create custom solutions when tools don't cover the gap
  - Show daily progress — small improvements compound
- Make visibility actionable
  - Brief leadership regularly on attack surface, unusual activity, and emerging threats
  - Translate technical signals into clear, decision-ready information
  - Identify problems early enough that we can act, not just react
What You Bring
- 3+ years in security engineering, detection engineering, or a hands-on security operations role
- Experience owning a SIEM end-to-end — not just using one
- Comfort with AWS environments and a variety of log sources from cloud to apps to hosts
- Ability to develop automation and scripts and build tooling (Python, Bash, or similar)
- Strong instincts for what matters — you know the difference between noise and signal
- Clear communicator who can brief a non-technical audience on threat posture

Nice to have:
- Experience with Sumo Logic or Elastic Stack
- Familiarity with threat intelligence sources, dark web monitoring, or OSINT
- Exposure to product/application telemetry and APM tooling
- We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.