via Lever.co
$90K - 130K a year
Design, develop, and deploy enterprise-grade applications and cloud-native solutions with a focus on scalable microservices and API development.
10+ years software engineering experience with expertise in .NET, cloud platforms (Azure/AWS), and modern front-end frameworks, but no security-specific experience.
We are seeking a Security Operations Engineer with a builder’s mindset to join our team. In this role, you will bridge the gap between Security and Engineering, partnering with our engineering teams to consolidate our logging and build a unified observability platform (logs, metrics, synthetics). You will be the primary architect of our detection logic, responsible for implementing our new SIEM and transforming raw data into high-fidelity alerts. While you will not be the sole monitor of our environment, you will serve as the technical escalation point for our MDR provider (Sophos) and the primary owner of our incident response framework—building the runbooks, playbooks, and triage guides that define how we respond to threats. This is a unique opportunity for an experienced professional to step up from day-to-day analysis and own the design and implementation of a modern detection and response program.

WHAT YOU'LL DO:

SIEM Implementation & Detection Engineering
• Serve as the primary implementer for the new SIEM solution, configuring data ingestion and tuning the platform for optimal performance.
• Own the security observability platform on Grafana (Loki/LogQL, Prometheus/PromQL, Grafana Alerting; OTel for collection), including onboarding sources, parsing, enrichment, and alert routing.
• Own the "Content Engineering" lifecycle: Write, test, and tune detection rules and queries (LogQL, PromQL, SPL, KQL, SQL, etc.) to identify malicious activity with low false-positive rates.
• Partner with the Engineering team to ensure the new observability platform captures the right security telemetry and logs.
• Serve as the primary operator for security monitoring and initial incident triage, participating in the on-call rotation.

Telemetry Engineering & Observability (Security)
• Define logging standards and required security telemetry for product and infrastructure.
• Own log onboarding, parsing, enrichment, normalization, retention, and cost controls.
• Build dashboards and SLOs for security telemetry health (coverage, latency, drop rate).

Incident Response & Process Development
• Develop and maintain the library of Incident Response documents, including Triage Books, Runbooks, and Playbooks for future on-call rotation.
• Act as the primary technical liaison for our MDR provider (Sophos), ensuring they have the context needed to monitor effectively.
• Lead deeper analysis and threat hunting investigations for complex alerts escalated by the MDR or internal teams.
• Own alert routing and incident tracking integration (PagerDuty + Jira/Slack), including severity model, escalation paths, and reporting.
• Lead incident coordination, write post-incident reviews, and drive corrective actions with Engineering.
• Own phishing detection/response workflows and playbooks (user reports, triage, containment).

Operational Health & Optimization
• Continuously evaluate the efficacy of alerts and automations; refine logic to reduce alert fatigue.
• Assist in defining log schemas to ensure data is parsed correctly for both security and engineering use cases.
• Evaluate and implement AI-assisted tools to streamline query generation and dashboard creation.
• Own the integration and correlation between MDR alerts and internal SIEM/incident tracking.
• Implement least-privilege access to security telemetry and ensure logging pipelines avoid sensitive data leakage.

WHAT YOU'LL BRING:
• 5-7 years of total experience in Information Security or Security Operations.
• Proven experience transitioning from a "consumer" of alerts (Analyst) to a "builder" of detections (Engineer).
• Demonstrated experience working with SIEM/observability platforms (Grafana/Loki preferred; Splunk/Elastic/Sentinel/Datadog acceptable), specifically in creating dashboards, reports, and writing complex queries.
• Experience working with Managed Detection and Response (MDR) providers or MSSPs is highly preferred.
• Background in partnering with DevOps or Engineering teams on logging or observability initiatives is a plus.
• Bachelor’s degree in Computer Science, Information Security, or a related field or equivalent work experience.
• Industry certifications such as GCIH, GCIA, GCED, GMON, Security+, CySA+ or related are highly desirable.

YOUR TECHNICAL TOOLKIT:
• Query Languages: Strong proficiency in query languages (e.g., LogQL, PromQL, KQL, SPL, SQL) to interrogate data and build dashboards.
• Detection Logic: Ability to translate threat intelligence and MITRE ATT&CK techniques into actionable detection rules.
• Response Frameworks: Deep understanding of the Incident Response Lifecycle (NIST or SANS) and experience writing clear, executable runbooks.
• Light Scripting: Familiarity with Python or similar scripting languages for automation or API integration is beneficial (though not a primary coding role).

WHAT SETS YOU APART:
• Operator-to-Builder Mindset: The ability to understand the "pain" of a bad alert and the drive to engineer a better solution.
• Cross-Functional Collaboration: Ability to work effectively with Engineering teams to align on data formatting and ingestion without friction.
• Autonomy: Capable of prioritizing work and driving the SIEM implementation forward with minimal oversight.

$130,000 - $150,000 a year

In our dedication to salary transparency, we provide a compensation range for each role and the final offer will be dependent on various factors, including the candidate's qualifications, relevant experience, and the organization's budget. Our hiring team will provide more information about the compensation package for this position during the interview process. Please note that salary estimates provided by websites (LinkedIn, Glassdoor, etc.) and not by WorkWave may not accurately reflect the actual salary range for the position.

WHAT YOU SHOULD KNOW ABOUT US:
• We are laid back but buttoned up. We offer a casual work environment and remote work flexibility and have a passion for developing creative, innovative best in class solutions that directly contribute to the success of our customers
• We care deeply and deliver service and solutions that make a real difference in the lives of our clients and their businesses
• We openly accept others as they are and build strong partnerships based on trust
• Teamwork and collaboration is key to help our colleagues and customers solve their challenges
• Our team is energetic, fun, naturally inquisitive and eager to make an impact, we invite you to join us!

LOVE WHAT YOU DO, NO MATTER WHERE YOU DO IT:
• Join our Remote-First Global Work Community: WorkWave provides an innovative and dynamic remote-first Global Work Community that encourages growth, creativity, and collaboration. No matter what stage of your career or where you live, WorkWave is your place to be part of a global company with a startup feel, where your ideas matter and your growth is a priority.

A GLOBAL COMPANY WITH A LOCAL PRESENCE:
• We know that there are benefits of being in the office and working from home. WorkWave promotes a healthy work/life balance and provides employees with the flexibility of collaborating in the office or the option to work virtually if desired. Our teams are well versed at working collaboratively in a fully virtual environment.
• Our HQ is based at our state of the art home office in the historic Bell Works complex located in Holmdel Township, New Jersey. We keep our offices available to all to use when working remotely isn’t feasible, or to help with cross training, team building and/or brainstorming.
• We have employees in over 30 states, 7 countries and many regional offices - each with their own set of perks and opportunities to give back to the local community.
• Whether you work remotely or take advantage of one of our offices, you’ll find a community of WorkWavers that value diversity, and care deeply about our products, clients, our communities and each other.

RELAX, WE'VE GOT YOU COVERED:
• Employees can expect a robust benefits package, including health and dental and 401k with company match

AND BEYOND...
• Find your perfect work/life balance with our Flexible Time Off policy or generous PTO plan (role dependent) and paid holidays
• Up to 4 weeks paid bonding leave
• Tuition reimbursement
• Robust Employee Assistance Program through TotalCare offering free counseling 24/7/365, plus financial counseling, legal guidance, adoption assistance services and much more!
• 24/7 access to virtual medical care with Teladoc
• Quarterly awards based on peer nominations
• Regional discounts and perks
• Opportunities to participate in charitable events and give back to the community

GROW WITH US:
• We understand the impact of attracting and keeping top talent and reward intellectual curiosity and a thirst for personal and professional growth
• Encouraging our employees that already have an intimate knowledge of and passion for our products to apply for other roles within our walls just makes sense!
• Our employees have access to extensive video libraries for soft skill and role specific training available 24/7 and live trainings are provided throughout the year

JOIN OUR WINNING TEAM!
• 10 Time winner of Best Place to Work in New Jersey by NJBiz!
• WorkWave has been recognized with multiple awards for its outstanding products, growth and culture, including the Inc. 5000, SaaS Award, IT World Awards, Globe Awards, Silver Stevie Award for Employer of the Year, and Best Place to Work Inc. Magazine
• Recently named one of The Software Report's 3rd annual list of the Top 100 Software Companies of 2022 (worldwide!)

We’re an equal opportunity employer. All applicants will be considered for employment without attention to race, color, age, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

Don't meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At WorkWave, we are dedicated to building a diverse, inclusive and authentic workplace, so if you feel like you could make a great impact in this role but your past experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may just be the right candidate for this or other roles!
This job posting was last updated on 3/5/2026