Security Operations Engineer

• We are seeking a Security Operations Engineer to mature Alpaca’s day-to-day security operations. This role will be responsible for managing our third-party SOC relationship, operating and tuning our on-prem SIEM, and acting as a critical bridge between IT Helpdesk and the Security team to ensure security issues are identified, triaged, and resolved quickly and consistently. • You will be both hands-on and operationally minded: improving detection quality, streamlining alert triage, coordinating incident response, and ensuring security operations scale with the business. You’ll play a key role in turning security signals into action and ensuring operational issues don’t become security incidents. • This role reports to the Enterprise Security Architect and works closely with IT, DevOps, Engineering, and our external SOC partner. • The Security Team is 100% distributed and remote. • Things You Get To Do: • The core responsibilities of the Security Operations Engineer are focused on detection, response, operational excellence, and cross-functional coordination. • Security Operations and Detection Engineering: • Security Operation Center: Own the relationship with our managed SOC, including alert quality, escalation workflows, SLAs, runbooks, and continuous improvement of detection coverage and response effectiveness. Assist with triage, investigations, and respond to security alerts across endpoints, identity, cloud, network, and application logs. • Security Operation Center: • SIEM Management: Operate and maintain our SIEM, including log onboarding, parsing, normalization, correlation rules, alert tuning, and lifecycle management to reduce noise and increase signal. • SIEM Management • Log Coverage & Telemetry: Ensure critical systems generate the right security telemetry, filling gaps across endpoints, identity providers, network devices, SaaS tools, and cloud platforms. • Log Coverage & Telemetry: • Detection Improvements: Continuously refine detection logic based on threat intelligence, SOC feedback, incident learnings, and emerging attack techniques. • Detection Improvements: • Incident Response & Metrics: • Incident Handling: Assist with security incidents, working with IT, Engineering, and external partners to contain, eradicate, and recover from incidents. • Incident Handling: • Runbooks & Playbooks: Develop, maintain, and continuously improve incident response playbooks, escalation paths, and communication procedures. • Runbooks & Playbooks: • Operational Metrics: Track and report on key security operations metrics such as alert volumes, false positive rates, mean time to detect (MTTD), mean time to respond (MTTR), and SOC performance. • Operational Metrics: • IT & Security Collaboration: • Bridge IT and Security: Act as the security liaison to the IT Helpdesk, ensuring security-related tickets are properly triaged, prioritized, and resolved without slowing down business operations. • Bridge IT and Security: • Security Enablement: Provide guidance and context to IT teams on security alerts, risks, and required actions, helping raise the overall security maturity of frontline support teams. • Security Enablement: