
Software Engineer - SOC

Poshmark, Inc., Redwood City, CA, United States


About Poshmark

Poshmark is the leading fashion marketplace where style comes alive through discovery, self-expression, and human connection.

Powered by a vibrant community of 165 million members, Poshmark brings real people and taste to shopping through a social experience shaped by shared discovery. Buying and selling fashion feels simple, joyful, and personal, while every item tells its own story. Poshmark empowers sellers to grow meaningful businesses, keeps fashion in circulation longer, and gives shoppers access to unique and trusted finds, from everyday pieces to one-of-a-kind vintage and luxury.

Responsibilities

Monitor, analyze, and triage security events and alerts across distributed systems to identify potential incidents and anomalous behavior

Lead end-to-end incident response, including investigation, containment, eradication, and recovery, with an emphasis on scalable and repeatable processes

Perform deep-dive root cause analysis of sophisticated attacks spanning infrastructure, network, and application layers, including code-level vulnerabilities

Design, build, and maintain automation frameworks to improve detection and response efficiency (e.g., auto-remediation, alert enrichment pipelines)

Develop and maintain detection logic (rules, queries, behavioral analytics) using engineering best practices such as version control, testing, and CI/CD

Create and continuously improve incident response playbooks as modular, reusable, and programmatic workflows

Fine-tune alerting systems to reduce noise and false positives through data analysis, feedback loops, and algorithmic improvements

Collaborate closely with SRE, DevOps, IT and engineering teams to remediate vulnerabilities and improve system security and reliability

Engineer and enhance SIEM capabilities, including log ingestion pipelines, normalization, correlation rules, and integrations

Implement and scale security monitoring solutions across cloud-native and distributed environments

Conduct proactive threat hunting using data-driven and hypothesis-based approaches

Enrich and correlate telemetry using IOCs, threat intelligence feeds, and custom-built data pipelines

Contribute to SOC tooling and internal platforms by writing clean, maintainable, and efficient code

Participate in architecture and design discussions to embed security into systems from the ground up

Drive and contribute to broader security engineering and SOC modernization projects

Minimum Qualifications

2–4 years of experience in information security, security engineering, or a related field

Hands-on experience with SIEM platforms, EDR tools, IDS/IPS, firewalls, and vulnerability management systems

Experience with incident response and security investigations

Strong understanding of cloud environments (AWS, GCP, or Azure) and associated security considerations

Proficiency in at least one programming or scripting language (e.g., Python, Bash, or Go) with the ability to build automation and tooling

Familiarity with software engineering fundamentals (data structures, APIs, version control, testing)

Preferred Qualifications

Experience in Incident Response, Malware Analysis, and Threat Hunting

Background in SOC or SecDevOps practices

Experience building or maintaining internal security tools or platforms

Knowledge of distributed systems and observability (logging, metrics, tracing)

Familiarity with CI/CD pipelines and infrastructure-as-code (e.g., Terraform)

Relevant certifications (e.g., GCIA or similar)

6-Month Accomplishments

Independently handle full incident response lifecycle with a focus on improving repeatability through automation

Build or enhance at least one automation workflow (e.g., alert enrichment, triage pipeline, or response action) that reduces manual effort

Develop high-fidelity detections with low false-positive rates using structured testing and validation approaches

Author and maintain programmatic incident response playbooks integrated with SOC tooling

Demonstrate strong understanding of the evolving threat landscape and apply insights to detection engineering

Contribute code or improvements to internal SOC tools, repositories, or automation frameworks

12+ Month Accomplishments

Significantly reduce Mean-Time-to-Detect (MTTD) and Mean-Time-to-Respond (MTTR) through scalable engineering solutions and automation

Establish and maintain a robust detection engineering lifecycle (design, test, deploy, measure, iterate)

Improve overall security operations posture through continuous system-level and architectural enhancements

Lead or contribute to major security engineering projects that strengthen monitoring, detection, and response capabilities

Build reusable frameworks, libraries, or services that elevate SOC efficiency and engineering maturity

Act as a bridge between Security and Engineering teams, promoting secure-by-design principles across the organization
