Calendly is seeking a Senior Security Engineer who will bring curiosity, technical knowledge and desire to up-level people around you. You will report to the Head of Security Operations and will be responsible for many of the key functions around security operations including incident response, enterprise level security and enhancing threat detection capabilities.
A day in the life of a SOC Security Engineer at Calendly
On a typical day, you will be working on:
• Collaborating with Security Operations Center (SOC) team members to monitor, detect, and respond to cybersecurity threats in a timely manner.
• Managing and coordinating cybersecurity incidents from identification through resolution.
• Developing and maintaining up-to-date knowledge of the threat landscape, as well as advancements in cybersecurity technologies and methodologies.
• Identifying, configuring and onboarding security telemetry sources/logs in support of threat detection and incident response
• Collaborating with Engineering and SRE to identify and mitigate logging deficiencies
• Developing new detection scenarios and queries to broaden and deepen the team’s detection coverage
• Tuning and continuously improving existing detection queries to increase signal-to-noise ratio, and ensure our detections remain relevant and functional
• Developing, implementing, and overseeing incident response protocols and procedures to swiftly and effectively manage security incidents.
• Identifying, developing and maintaining automation solutions to increase the efficiency and effectiveness of the team
• Integrating various security and IT tools to enhance threat detection, incident response, and operational efficiency.
• Conducting regular security assessments, threat hunts, and continuous monitoring to identify vulnerabilities, opportunities for posture enhancements and better incident preparedness.
• Collaborating with Engineering, IT and other departments to ensure cybersecurity best practices are integrated across the organization.
• Leveraging JIRA for creating and managing dashboards, reports, and metrics that support cybersecurity operations and decision-making.
What do we need from you?
• A minimum of 8 years of experience in cybersecurity, with at least 4 years dedicated to security operations or detection & response.
• Demonstrated experience in incident response and management, including developing and implementing incident response playbooks and procedures, acting as incident commander on major cross-functional incidents, and conducting post-incident analysis.
• Experience with JIRA or similar tools for creating dashboards, managing reports, and automating workflows to support cybersecurity operations.
• Proven track record in threat detection, analysis, and resolution, including the use of forensic tools for in-depth investigations.
• Expert knowledge in operating and configuring SIEM tools (e.g., Splunk, ELK) for real-time threat monitoring and analysis.
• Deep understanding of security technologies such as EDR (Endpoint Detection and Response), firewalls, and vulnerability scanners.
• Demonstrated track record of automating SOC processes, enhancing threat detection, and streamline incident response using Python
• In-depth knowledge of threat actor behaviors, techniques and tools
• Experience investigating security events on MacOS, Linux and Windows systems
• Experience investigating security events in cloud environments including AWS and/or GCP
• Authorized to work lawfully in the United States of America as Calendly does not engage in immigration sponsorship at this time
Additional Valued Skills
• Experience with automating deployment and administration of detection capabilities with detection-as-code and CI/CD
• Experiencing with deploying and managing infrastructure using Terraform, CloudFormation or similar
• Experience developing detection capabilities for CI/CD environments
Skills:
Amazon Web Services (AWS), Analysis Skills, Atlassian JIRA, Automation, Best Practices, Cloud Computing, Computer Security, Continuous Deployment/Delivery, Continuous Improvement, Continuous Integration, Cross-Functional, Enterprise Protection, Firewalls, GCP (Good Clinical Practices), Incident Management, Incident Response, Information Technology & Information Systems, Internet Security, Linux Operating System, Mac Operating System, Metrics, Microsoft Windows Operating System, Onboarding, Operational Support, Python Programming/Scripting Language, Reporting Dashboards, Security Analysis, Security Attacks, Security Information and Event Management (SIEM), Security Monitoring, Signal-to-noise Ratio (SNR), Splunk, Telemetry, Time Management, Time Tracking, Vulnerability Scanners
About the Company:
Calendly
