Security Operations Engineer, Observability & Automation Engineering

Affirm

💵 $200k-$275k
📍 Remote - United States

Summary

Join Affirm's Security Team as a Staff Security Operations (Sec Ops) Engineer and help build and mature the Security Operations Engineering program. This hands-on role requires significant engineering experience in cloud environments (AWS or similar), focusing on logging, detection, and response. You will build and enhance the logging pipeline, write advanced detections, tune existing detections, contribute to engineering projects, and drive monitoring, detection, and response for security incidents. The position involves on-call duties and serving as an engineering escalation point. Collaboration with internal and external teams is crucial to solve complex security problems and design solutions aligned with organizational goals. You will also contribute to developing and maturing security incident response playbooks and processes and lead key security projects.

Requirements

  • A seasoned Security Operations Engineer with at least 5+ years of experience in Detection and Response with a significant engineering focus in a cloud-heavy environment (AWS or similar)
  • Experience developing native data ingestion and data normalization integrations to aid the Sec Ops monitoring and detection program
  • Hands-on experience handling investigative, containment and remediation actions across environments, and the ability to partner with Infrastructure and SRE teams as needed during incidents
  • Demonstrated experience in common Sec Ops tooling including but not limited to: Elastic, Splunk, Hive, CrowdStrike Falcon or similar
  • Hands-on experience with container orchestration technologies (Kubernetes or similar)
  • Experience in creating automations to improve IR program workflows and capabilities (Python scripting language preferred)
  • Familiarity with Infrastructure-as-Code (IaC), including experience developing and deploying cloud services using Terraform
  • Strong communication skills with the ability to switch communication style when needed between engineering and non-engineering audiences
  • Ability to lead and drive large projects and work with cross functional stakeholders throughout the Engineering organization

Responsibilities

  • Serve as a hands-on technical leader to help mature our Logging & Detection Engineering program throughout our environment
  • Build and enhance our current logging pipeline to help ingest the right data sources needed to improve our visibility
  • Contribute to our detection program by helping write advanced detections based on frameworks such as MITRE ATT&CK
  • Continuously tune existing detections to improve our detection fidelity and calibrate signals so we’re maximizing value while minimizing noise
  • Contribute to engineering projects involved in building, maintaining and improving our current tooling
  • Drive monitoring, detection and response including remediation for security incidents throughout our environment
  • Be the senior escalation point for the team when help is needed with investigations and incidents, particularly from an engineering escalation perspective
  • Build automation between tools when needed to help improve logging, detection and response workflows
  • Contribute to developing and maturing security incident response playbooks and processes
  • Collaborate with cross functional teams across Affirm and lead key Security projects

Preferred Qualifications

Experience in building actionable threat intelligence & hunting programs is always a bonus!

Benefits

  • Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents
  • Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
  • Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
  • ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount
