etched - Security Engineer (Remote)

• Manage and harden security baselines across on-prem, hybrid, and cloud systems, ensuring strong protection while maintaining speed and usability. • Integrate telemetry, logging, tracing, and management of structured, semi-structured, and unstructured data across the entire environment to provide unified and comprehensive observability into infrastructure and application activity. • Lead vulnerability management, patching, and configuration assurance programs to reduce exposure and maintain a consistent security posture. • Partner with infrastructure, IT, and application teams to strengthen identity, access, and network security through Okta, Google Workspace, and FreeIPA. • Implement and maintain zero-trust network architectures, SASE controls, CASB solutions, and conditional access policies that protect both users and data across environments to ensure full access and full control of our data and IP regardless of location or device. • Operate and enhance security operations tooling, including SIEM, SOAR, and EDR/XDR platforms, to ensure comprehensive monitoring and rapid detection of threats. • Develop and tune detection logic, automation, and playbooks for identifying and responding to threats such as insider activity, lateral movement, and anomalous behavior. • Investigate and respond to security incidents, performing root-cause analysis, containment, and remediation while coordinating with engineering and IT. • Build automation, scripts, AI agents, and integrations that streamline monitoring, alerting, and remediation workflows to improve efficiency and reliability. • Establish metrics, dashboards, and feedback mechanisms to measure detection coverage, response time, and overall security health. • Promote a culture of security awareness and ownership across engineering teams, ensuring that protection and productivity advance together. • Representative Projects • Implementing a centralized security telemetry pipeline that aggregates logs and signals from networks, compute clusters, storage, endpoints devices, build systems, and cloud services into a unified SIEM for improved detection coverage. • Designing and developing Security Orchestration, Automation, and Response (SOAR) workflows to automate repetitive tasks like alert triage, data gathering, and initial containment, which improves SOC efficiency. • Help build a secure and flexible end user access framework that uses SDWAN, SASE, CASB, conditional access, EDR and XDR, and MDM/MAM to support productive, friction-free and secure work from any location using different devices. • Network Security Monitoring: Configuring and monitoring network intrusion detection/prevention systems (IDS/IPS) and firewalls to detect anomalies in network traffic, especially on the SDWAN and client VPN links • Creating and refining detailed, documented incident response plans and playbooks tailored to specific scenarios, such as a breach in a lab environment or a compromised silicon testing machine. • Conducting regular vulnerability assessments and penetration testing on internal systems and applications, then coordinating with relevant teams to manage and remediate identified weaknesses.