[Remote] Senior Security Engineer

Note: The job is a remote job and is open to candidates in USA. Sandisk is a leading company in the computer hardware industry, known for its innovative solutions in data consumption. They are seeking a highly experienced Senior Security Engineer to design and improve the security tooling ecosystem for their Security Operations Center (SOC), focusing on the reliability and effectiveness of SOC platforms.

Responsibilities

• Engineer, deploy, and maintain all core SOC platforms, including:
• Malware analysis and sandboxing solutions
• Analyst workstation environments (Windows investigation VMs)
• Endpoint Detection & Response (EDR/XDR)
• Email Security Engineering
• Vulnerability Scan Engineering
• Act as technical owner for SOC platforms, including alignment with architecture requirements, lifecycle management, upgrades, and decommissioning
• Ensure SOC platforms are engineered for scale, reliability, performance, and forensic integrity
• Partner with IT and platform teams to resolve dependency, access, and infrastructure issues impacting SOC operations
• Own EDR platform engineering, configuration, and operational health across the enterprise
• Define and enforce EDR hygiene standards (sensor coverage, policy consistency, versioning, asset attribution)
• Monitor EDR health metrics and proactively remediate gaps impacting detection or response efficacy
• Develop testing frameworks to validate EDR detections, policies, and response actions
• Serve as a technical owner of detection engineering, enabling high-fidelity detections through better tooling, telemetry, and data quality
• Validate that endpoint, sandbox, and supporting tooling generate the telemetry required to support detection logic and investigations
• Collaborate on detection validation, tuning, and testing pipelines
• Translate emerging threats and attacker techniques into tooling and telemetry requirements
• Engineer and maintain malware detonation and analysis environments that support safe, repeatable analysis
• Support SOC and IR teams with tooling for static and dynamic malware analysis
• Improve sandbox fidelity to better represent enterprise environments and common attacker tradecraft
• Assess new attacker techniques, malware families, and evasion tactics for detection and prevention opportunities across the enterprise
• Identify gaps where tooling or configurations do not adequately surface malicious behavior
• Evaluate new security tools and capabilities to address detection, analysis, or response gaps
• Provide engineering-backed recommendations grounded in operational SOC realities
• Automate routine SOC operations including health checks, validation, deployments, and reporting
• Develop scripts and tooling (PowerShell, Python, etc.) to reduce manual overhead and analyst toil
• Improve reliability through monitoring, alerting, and failure-mode testing of SOC platforms
• Author and maintain engineering documentation for SOC platforms, architectures, and configurations
• Define technical standards and guardrails for SOC platforms usage and integrations
• Support audits, tabletop exercises, and incident reviews from a tooling and telemetry perspective

Skills

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or equivalent practical experience
• 5–10+ years of experience in security engineering, detection engineering, or advanced SOC technical roles
• Demonstrated experience supporting SOC operations through engineering and platform ownership
• Deep hands-on experience with EDR/XDR platforms (e.g., CrowdStrike, Defender, SentinelOne)
• Experience engineering SOC platforms rather than only consuming alerts (platform ownership mindset)
• Strong understanding of Windows internals, Linux operating systems, and server infrastructure, including endpoint and host-level telemetry, process execution, persistence mechanisms, and administrative activity across workstation and server environments
• Experience supporting malware analysis and sandboxing environments
• Familiarity with SOC workflows, detection pipelines, and incident response requirements
• Strong scripting and automation skills (PowerShell, Python)
• Solid grasp of attacker TTPs mapped to the MITRE ATT&CK framework
• Experience integrating SOC platforms with SIEM, SOAR, or case management platforms
• Exposure to vulnerability management and scanning platforms
• Experience designing detection validation or purple-team style testing
• Relevant certifications (GIAC, GREM, GCED, GCIA, OSCP) preferred but not required

Benefits

• Paid vacation time
• Paid sick leave
• Medical/dental/vision insurance
• Life, accident and disability insurance
• Tax-advantaged flexible spending and health savings accounts
• Employee assistance program
• Other voluntary benefit programs such as supplemental life and AD&D, legal plan, pet insurance, critical illness, accident and hospital indemnity
• Tuition reimbursement
• Transit
• The Applause Program
• Employee stock purchase plan
• Sandisk's Savings 401(k) Plan

Company Overview

Company H1B Sponsorship