Senior SOC Engineer

How You Will Make a Difference Day to Day:

• Investigate security alerts and potential incidents, using tools like Panther, Wiz, and EDR platforms to assess severity, impact, and required response.
• Manage Iru’s SIEM instance — tuning detections, improving log coverage, and building custom alerts using Python-based detection-as-code frameworks.
• Monitor and triage security events across Iru’s AWS environments, applications, and infrastructure.
• Collaborate directly with employees and teams to assess and respond to security notifications or suspicious behavior.
• Partner with Security Research to improve detection logic.
• Assist in incident response — conducting initial investigations, collecting evidence, and coordinating with senior engineers for containment and remediation.
• Contribute to maturing security operations — identifying process gaps, improving monitoring visibility, and documenting response playbooks.
• Collaborate cross-functionally with Engineering, Product, and IT to improve detection coverage and ensure alignment between systems and policies.
• Support security awareness and response readiness by helping build a strong detection and alerting foundation across the organization.

We’d love to hear from you if you have:

• 5+ years of experience in Security Operations, Incident Response, or a related hands-on security role.
• Experience with SIEM platforms such as Panther, ELK, or Splunk — including alert investigation, rule tuning, and detection authoring.
• Practical experience with cloud security (preferably AWS) — monitoring audit logs, IAM activity, and workload events.
• Hands-on scripting experience, ideally in Python (preferred) or Bash — used for automations, integrations, or detection authoring.
• Understanding of detection-as-code frameworks and how to design detections based on real-world attacker behaviors.
• Familiarity with EDR tools and how SIEM platforms ingest and correlate alerts from them.
• Experience participating in or supporting incident response investigations — from triage to containment.
• Familiarity with Mac and Windows forensics fundamentals.
• Strong written and verbal communication skills; able to translate technical findings into clear business impact.
• Required to work on-site 5x a week in our Miami office (Coral Gables).


Knowledge across multiple security domains, including:
• Application Security
• Cloud Platform Security
• Container Security
• Endpoint Security
• Network Security
• Email Security
• Database Security
• Incident Response Frameworks and Activities
• MITRE ATT&CK Framework
• Social Engineering Techniques

Nice to haves, but NOT required:

• Prior experience helping mature or build a security operations program from the ground up.
• Background in threat hunting or detection engineering.
• Experience integrating Wiz or similar cloud posture management tools into a SIEM workflow.
• Knowledge of security automation frameworks, including alert enrichment and workflow orchestration.
• Hands-on experience supporting hybrid (Mac + Windows) endpoint environments.