opengreenhousecncf-landscape
Security Operations Engineer
Pure Storage
LocationBangalore, India, Office - India (Bangalore - 1 Sobha)
Last observed2026-06-13 05:25:41.863157
Job idcncf-landscape-pure-storage:greenhouse:7882542
We’re in an unbelievably exciting area of tech and are fundamentally reshaping the data storage industry. Here, you lead with innovative thinking, grow along with us, and join the smartest team in the industry. This type of work—work that changes the world—is what the tech industry was founded on. So, if you're ready to seize the endless opportunities and leave your mark, come join us. THE ROLE You will partner with the security operations lead and broader security team to develop and mature security use cases that apply across the company’s environment and operations. Your mission is to build and refine the detections, policies, and response logic that enable the team to identify real attacks, misuse, intrusions, and data loss events with speed and confidence. This is not a passive monitoring role. You will be expected to understand how the business operates, how attackers move, where meaningful signals live, and how to translate that knowledge into durable security content and response workflows. Success in this role is measured not by alert volume, but by signal quality, attack reduction, faster containment, and continuous operational improvement . WHAT YOU’LL DO Design, implement, and maintain high-fidelity detections, correlation rules, alerts, dashboards, and use cases in Splunk and related security platforms. Build detections across multiple data domains, including identity, endpoint, network, cloud infrastructure, SaaS applications, DLP, vulnerability, and asset posture. Correlate signals from diverse tooling and data sources to identify attacker behavior, misuse, anomalous activity, and material security risk. Partner with business units, IT, engineering, and internal security stakeholders to map business processes and workloads to security use cases and required telemetry. Support and participate in incident triage, investigation, containment, and post-incident improvement activities. Develop enrichment and automation workflows using Python, APIs, and security tooling to improve analyst efficiency and response consistency. Improve detection quality by tuning noisy alerts, reducing false positives, and increasing true positive rates. Collaborate on logging strategy, event onboarding, normalization, parsing, correlation, retention, reporting, and platform customization. Apply threat intelligence, attacker tradecraft, and frameworks such as MITRE ATT&CK, CVE/CVSS, and risk context to drive meaningful detections. Create playbooks, runbooks, detection documentation, and operational guidance for responders and analysts. Use lessons learned from incidents, hunts, and threat research to continuously improve content, coverage, and response workflows. Help mature a security operations model that brings together detection, alerting, investigation, and response rather than treating them as isolated functions. What You Will Help Build High-signal detections for credential misuse, privilege abuse, lateral movement, endpoint compromise, cloud and SaaS misuse, suspicious administrative activity, insider risk indicators, and sensitive data movement. Risk-informed detections that combine activity with identity context, asset criticality, exposure data, vulnerability posture, and threat intelligence . Response workflows that reduce manual effort and improve speed, consistency, and quality during investigations. A detection program that focuses on real outcomes : prevention, earlier detection, faster containment, and reduced operational noise. WHAT YOU BRING 6+ years of experience in cybersecurity, or a related technical field 3+ years of hands-on experience in incident response, detection engineering, security operations, or SIEM engineering Strong hands-on experience with a SIEM platform; direct experience with Splunk is strongly preferred Solid understanding of the incident response lifecycle, including triage, scoping, containment, eradication, recovery, and post-incident learning Strong understanding of foundational networking, sys
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.