Join the company that’s building the telemetry infrastructure for the AI era. At Cribl, we partner with IT and Security teams at many of the world’s biggest enterprises, including half of the Fortune 100, to bridge the gap between AI ambition and infrastructure reality. As the AI Platform for Telemetry, we give customers the choice, control, and flexibility to manage and analyze telemetry for both humans and agents, so they can build what’s next. We’re one of the fastest‑growing private companies and a leading player in a massive, fast‑moving market. With a global workforce, we’re remote‑first and grounded in a simple idea: software is a people business. Cribl is the place where curious, collaborative people can do their best work, grow fast, and bring their full selves to the herd. Why You’ll Love This Role The Staff Security Operations Engineer will be a pivotal member of Cribl’s Information Security team, primarily responsible for strengthening our security posture through robust security operations and advanced threat detection. You will help lead security incident management, triage, and investigations, and be instrumental in developing innovative solutions to remediate current threats and proactively prevent future attacks. A key aspect of this role will be designing, implementing, and optimizing detection logic to identify sophisticated threats across our environment. You will partner closely with Product Security, IT, and Legal teams, and report to the Sr. Director, Security Engineering and Operations under the CISO. As An Active Member Of Our Team, You Will… * Provide knowledge and experience in working with modern security principles e.g. SIEM, security data lakes, detection as code, EDR, zero trust networking, and other security tooling, as well as demonstrated experience with incident response and management. * Utilize a strong understanding of common attack frameworks (e.g., MITRE ATT&CK) and how to map detections to TTPs * Understanding of authentication and authorization schemes such as SAML, OpenID, OAuth2, and SCIM * Experience scripting/coding in at least one of the following languages: Python, NodeJS, Ruby, Bash * Be the go-to technical subject matter expert on security, compliance, and assurance topics * Communicate ideas to technical and non-technical audiences * Comfortable with ambiguity, have a strong analytical acumen, self-motivated, able to work cross-functionally * We are a remote-first company and work happens across many time-zones – you may be required to occasionally perform duties outside your standard working hours If You’ve Got It - We Want It * Monitoring security events and alerting via our security tooling, including MSSP, SIEM, AI, and CSPM tooling, to identify and triage potential threats * Developing, implementing, and maintaining high-fidelity detection rules and alerts within SIEM and other security platforms (e.g., EDR, Cloud Security tools) based on threat intelligence, MITRE ATT&CK framework, and identified risks * Conducting continuous tuning and optimization of existing detection logic to reduce false positives and improve detection efficacy * Responding to issues identified by our Cribl employees * Acting as a security incident response lead, including leveraging and improving detection capabilities during investigations * Building, enhancing, and managing security playbooks, incorporating detection engineering best practices * Conducting security assessments of corporate assets through vulnerability testing, threat hunts, and purple team activities, with a focus on identifying detection gaps and opportunities * Performing both internal and external security reviews of corporate properties e.g., the corporate website and enterprise applications * Leading security incident response tabletop exercises * Continuing to evolve and champion the use of Cribl products in our security tech stack to enhance detection, analysis, and response capabilities * Collaborating with threat intelligence teams to integrate new indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) into detection strategies * Experience with SIEM platforms like Panther is a plus and its detection capabilities * Familiarity with Wiz and cloud native security tooling for detection in AWS, Azure, or GCP * Relevant certifications in cloud security or incident response (e.g., SANS GIAC certifications) * Proven experience in developing, deploying, and maintaining detection rules (e.g., Sigma, YARA, Splunk SPL, KQL) across various security platforms #LI-KJ1 #LI-Remote The salary for this role is dependent on geographic location and will be based on the individual candidate's job-related knowledge, skills, and experience. In addition to base salary, for sales and some sales-adjacent roles, employees are eligible to earn incentive compensation (commission). For all other roles, employees are eligible to participate in the Cribl Corporate Bonus Program. In addition to a competitive salary, Cribl also offers a generous benefits package which includes health, dental, vision, short-term disability, and life insurance, paid holidays and paid time off, a fertility treatment benefit, 401(k), and equity. Base Salary Range $128,000—$200,000 USD Bring Your Whole Self Diversity drives innovation, enables better decisions to support our customers, and inspires change for the better. We’re building a culture where differences are valued and welcomed, and we work together to bring out the best in each other. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying. Interested in joining the Cribl herd? Learn more about the smartest, funniest, most passionate goats you’ll ever meet at cribl.io/about-us.