Ledger - Senior Security Operations Engineer
Requirements
• Solid, proven experience in SecOps, SOC, cloud security, incident response, or infrastructure security, with a track record of building and improving SOC capabilities (logs, detections, dashboards, automations, runbooks, workflows) and conducting independent investigations.
• Comfortable working in cloud and SaaS environments and with rapidly evolving technologies.
• Proficiency in SecOps fundamentals: triage, investigation, incident response, log analysis, and documentation.
• Strong, hands-on cloud security skills (ideally AWS): investigating IAM and identity activity, analyzing cloud audit and threat-detection logs (e.g. CloudTrail, GuardDuty), securing workloads, containers, and Kubernetes (EKS), and scoping cloud incidents end-to-end. Comfortable with exposure/CSPM tooling (ideally Wiz).
• SIEM experience (ideally Splunk), with the ability to write queries for both investigation and detection; EDR experience (ideally CrowdStrike).
• Automation using Python, Bash, APIs, GitHub Actions, SOAR, or equivalent.
• Interest in, or experience with, AI applied to security, agent-based workflows, and SOC automation.
• Diligence, independence, technical curiosity, and attention to detail.
• Ability to conduct in-depth investigations, document findings clearly, and escalate issues with the appropriate level of context; awareness of confidentiality and the proper handling of sensitive information.
• Professional-level English; Ledger operates in an international environment.
Responsibilities
As a Senior Security Operations Engineer, you are at the heart of the SOC: you lead investigations from start to finish, manage the lifecycle of detections, dashboards, and automations, and continuously expand our visibility (cloud, endpoints, identities, SaaS, infrastructure). You work independently on complex issues and decide on the next steps (investigation, containment, remediation, or escalation). You serve as a technical resource and point of escalation for more junior analysts, whose work you review and with whom you share your knowledge, and you make a tangible contribution to improving our internal Agentic SOC.
Operate the SOC
• Analyze, classify, and prioritize alerts (from Splunk, CrowdStrike, Wiz, AWS, and other sources), and conduct in-depth investigations into incidents affecting endpoints, the cloud, identities, SaaS, workloads, and infrastructure.
• Provide clear, actionable context to inform next steps, and serve as an escalation point for less experienced analysts.
• Leverage the Agentic SOC, which investigates weak signals and enriches alerts, so you can focus your time on the incidents that matter.
Visibility & Detection
• Build and tune cloud detection use cases (AWS, IAM activity, EKS/Kubernetes, container workloads), and use Wiz to track and prioritize cloud exposure as part of your detection work.
• Integrate and maintain the necessary log sources (cloud, endpoints, identities, SaaS, infrastructure, Kubernetes) and improve data quality: completeness, parsing, normalization, relevance, and usability.
• Identify visibility blind spots and work with the IT, Cloud, Infrastructure, and Engineering teams to reduce them.
• Design, write, and optimize Splunk queries; develop new detection use cases based on available logs, refine them, and document their logic; reduce noise and improve signal quality.
Incident Response
• Play a leading role in investigations: gathering evidence, reconstructing timelines, and documenting actions taken.
• Monitor containment, remediation, and post-incident measures.
• Turn lessons learned into sustainable improvements and formalize processes: detection mechanisms, runbooks, dashboards, and automations.
Contribute to automation and our Agentic SOC
• Build and maintain automations (Torq/SOAR, scripts, APIs) that accelerate triage, enrichment, and response.
• Contribute to the design and continuous improvement of the internal Agentic SOC (the AI system that investigates weak signals, enriches alerts, and assists with investigations) and expand its capabilities: new investigation workflows, better correlation, and tighter integration with detection and response.