Senior Threat Detection and Response Engineer - Blue Team

Raya is a technology company that operates an exclusive, membership-based social network, comprising two primary applications. The Raya application facilitates social networking, emphasizing connections among individuals within creative industries, and requires a selective application process. Raya App, Inc., also offers "Places," a travel application that provides curated destination recommendations. Both applications underscore the company's focus on fostering private online communities and upholding values such as trust, respect, and privacy. This role is responsible for leading our internal threat detection and incident response capabilities, combining operations with operational engineering. The Senior Threat Detection and Response Engineer acts as the primary operational owner and subject matter expert for the security tooling ecosystem (e.g., EDR, SIEM, CNAPP, NDR), ensuring maximum effectiveness for threat identification and containment. A core function is serving as the primary liaison and operational overseer of the virtual Security Operations Center (vSOC). Additionally, this role is crucial for ensuring the rapid detection, effective analysis, and initial containment of all security threats, owning the critical vulnerability management process, and managing the production of the monthly security newsletter and annual security awareness training. We offer comprehensive medical and dental coverage, $50 a day food delivery budget, equity based employment, a great culture, learning opportunities, unlimited vacation, 12 weeks paid parental leave, and we pay all employees $1,000 a year to go somewhere in the world that they’ve never been because of our values of human connection, empathy, and curiosity. Responsibilities • Threat Detection & Security Tool Management • Platform Ownership (Operational Focus): Act as the primary internal operations owner and subject matter expert for key security platforms, including Endpoint Detection and Response (EDR), Cloud Detection and Response (CDR), Cloud-Native Application Protection Platform (CNAPP), Security Information and Event Management (SIEM), and Network Detection and Response (NDR). Triage findings from tools like Shodan, Horizon3.ai, and ZeroFox. • Operational Optimization: Continuously monitor, tune, and optimize security tool configurations to ensure maximum detection efficacy and minimize false positives, focusing on the strategic direction of the platforms. • Signal Integrity: Proactively monitor and implement solutions to detect sensor and logging signal loss across all security platforms to ensure complete visibility. • Use Case Development: Collaborate with internal and vSOC teams to develop, test, and implement new detection use cases and correlated alerts within the SIEM and other platforms. • Shared Engineering: Partner closely with the Infrastructure Security Engineer role regarding the foundational engineering, deployment, and infrastructure health of these security platform • Proactive Threat Hunting: Regularly execute threat hunting exercises based on current threat intelligence, internal knowledge, and platform capabilities to identify stealthy, pre-execution, or undetected threats across the environment. • Vulnerability Triage & Prioritization: Immediately triage, prioritize, and drive remediation for critical security vulnerabilities and security findings (e.g., from CNAPP or vulnerability scanners) that warrant treatment as a high-severity security incident. • Incident Response (IR) and Digital Forensics (DFIR) • Triage and Initial Handling: Serve as the internal escalation point for critical alerts from the vSOC. Perform rapid triage, scoping, and initial handling/containment for security incidents. • Small-Scale Forensics: Handle end-to-end incident response and digital forensics for small-scale, routine incidents (e.g., minor malware infections, policy violations). • Outsourced IR Coordination: Act as the technical lead and liaison for larger, complex security incidents, coordinating activities and providing necessary data and context to retained external incident response firms. • Process Improvement: Develop, refine, and maintain internal runbooks, playbooks, and Standard Operating Procedures (SOPs) for incident response and threat hunting. • vSOC Oversight and Partnership • Liaison: Serve as the primary technical point of contact between our internal teams and the external vSOC/MSSP partner. • Performance Monitoring: Oversee the vSOC's performance, ensuring adherence to established SLAs and quality standards for alert handling, monitoring, and reporting. • Strategic Direction: Guide the vSOC's focus by communicating organizational risks, strategic priorities, and desired operational outcomes. • Reporting: Generate and present regular reports on operational security metrics, incident trends, and vSOC performance to internal stakeholders. • Security Awareness and Communication • Monthly Security Newsletter: Produce and distribute a mandatory monthly security newsletter covering threat intelligence, tool adoption, compliance/best practices, and internal case studies. • Annual Security Awareness Training: Develop, update, and manage the mandatory annual security awareness training for all personnel, focusing on relevance, engagement, and high-risk behaviors. Qualifications • Experience: 5+ years of experience in Security Operations, Threat Hunting, Incident Response, or a closely related field. • Tooling Expertise: Expert-level hands-on operational and tuning experience with one or more major platforms across EDR (e.g., CrowdStrike, SentinelOne), SIEM (e.g., Splunk, Microsoft Sentinel), and Cloud Security (e.g., CNAPP solutions) • .Operational Skills: Strong understanding of security alert analysis, log review, data correlation techniques, threat modeling, and alert suppression/refinement • IR/DFIR Knowledge: Proven experience in incident triage, evidence preservation, chain of custody, and basic forensic analysis techniques. • IR Handling Certification: You must have one of the following: CISSP-ISSAP (Incident Response content within CISSP) – (ISC)²GIAC Certified Incident Handler (GCIH) – GIACGIAC Cyber Threat Intelligence (GCTI) – GIACGIAC Network Forensic Analyst (GNFA) – GIACGIAC Certified Forensic Analyst (GCFA) – GIACCertified Ethical Hacker (CEH) – EC-CouncilEC-Council Certified Incident Handler (ECIH) – EC-CouncilCertified Computer Examiner (CCE) – IACISEnCase Certified Examiner (EnCE) – Guiding TechCertified Forensic Computer Examiner (CFCE) – ISFCECREST Registered Incident Handler (CRIH) – CRESTCREST Certified Incident Manager (CCIM) – CRESTISO/IEC 27035 Lead Implementer (IR process) – PECB/OTHERCertified Digital Forensics Examiner (CDFE) – Mile2CompTIA Cybersecurity Analyst (CySA+) — CompTIA • Networking/OS: Solid understanding of network protocols, operating system internals (Windows, macOS, Linux), and cloud environments (AWS, Azure, or GCP). • Cloud Expertise: Deep understanding of threat detection and incident response within major cloud environments (AWS, Azure, or GCP), including knowledge of cloud logging sources, native security tools, and common attack paths. • Container Security: Familiarity with security concepts and threat detection within container orchestration platforms, such as Kubernetes, OpenShift, or similar variants. • Soft Skills: Excellent communication, documentation, and partnership management skills. Preferred Qualifications • Certification Preference: GIAC Certified Incident Handler (GCIH) is highly preferred. • Network Detection Experience: Direct experience with deploying, configuring, and tuning network security monitoring tools (e.g., Suricata, Snort, Zeek, Corelight) or similar commercial network detection and response (NDR) solutions, especially within cloud environments (AWS/Azure/GCP). • Scripting/Automation: Proficiency in scripting languages (e.g., Python, GoLang) for automating security tasks, incident response steps, or data analysis. • Cloud-Native Tools: Experience with native cloud security services (e.g., AWS Security Hub, Azure Sentinel, GCP Security Command Center). We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Apply tot his job