Aurora hires talented people with diverse backgrounds who are ready to help build a transportation ecosystem that will make our roads safer, get crucial goods where they need to go, and make mobility more efficient and accessible for all. We’re searching for a Senior Security Engineer - Detection & Response.

In this role, you will

• Build, test and maintain threat detection controls for the Aurora Driver & enterprise
• Build, operate and maintain a mature Security Operations program
• Lead investigations of cybersecurity events
• Design, implement, and tune detection capabilities to identify and remediate malicious activity.
• Continually improve and create detection tools, craft high-fidelity signaling, remove noise, and reduce manual investigative efforts.
• Collaborate with cross-functional teams to identify, craft and implement custom workflow detection strategies.
• Analyze adversarial techniques and develop detection approaches across our diverse environments.
• Analyze logs to enhance risk and detection capabilities.
• Collaborate with Incident Response and Security Operations during investigations and incidents.
• Develop custom tooling to improve and accelerate analysis during investigations.
• Drive continuous improvement of the detection framework, playbooks, and workflow automation
• Contribute to the design and development of engineering solutions that support enterprise wide security initiatives
• Keep the InfoSec team apprised of modern attack techniques and continually integrate knowledge into new or existing detections
• Act as an internal subject matter expert and mentor other members of the security team
• Participate in an on-call rotation

Required Qualifications

• Experience deploying and using SIEM tools, data pipelines, logging ecosystems.
• Experience with Endpoint Security tools like Crowdstrike Falcon, OSQuery
• Experience with DevSecOps, CI/CD, and associated technologies (e.g. Git, Terraform, Puppet)
• Experience securing operating systems (Linux, MacOS, Windows, Android)
• Experience crafting logic to detect anomalous use, network, host, or cloud activity
• Experience with distributed systems, cloud security, or cloud networking
• Experience applying detection and response concepts to on-premise and cloud environments, specifically AWS, Kubernetes
• Understanding of MITRE ATT&CK framework and associated threat actor techniques
• Ability to write quality, robust, testable code in at least one programming language (e.g. Python, Go)

Desirable Qualifications

• Experience using data lakes for security
• Experience with big data tools and methodologies (e.g. SQL and data warehouse technology)
• Experience designing and implementing solutions for a Zero Trust Architecture
• Experience working with auditd, sysmon, kprobe, ebpf, or similar low level data collection frameworks

The base salary range for this position is $171,000-$273,000 per year. Aurora’s pay ranges are determined by role, level, and location. Within the range, the successful candidate’s starting base pay will be determined based on factors including job-related skills, experience, qualifications, relevant education or training, and market conditions. These ranges may be modified in the future. The successful candidate will also be eligible for an annual bonus, equity compensation, and benefits.

#LI-DW1

#Mid-Senior