• Design, improve, and maintain secure, durable, and performant infrastructure to power applications, security tooling, log collection, and data mining/ETL workflows. • Evolve log collection, processing, and storage infrastructure enabling security monitoring and investigations. • Support multi-account and multi-region AWS networking architectures with security-first principles. • Develop and maintain Splunk detection content aligned to the relevant frameworks and evolving threat intelligence. • Administer the Splunk Cloud platform, including search health, log health, and app, platform, and content updates. • Design and implement SOAR playbooks to automate investigation and response workflows. • Integrate infrastructure security tooling and automation to enhance detection, prevention, and response capabilities. • Build and maintain detection-as-code and automated deployment pipelines to ensure consistency, repeatability, and auditability. • Continuously refine detection logic to reduce false positives and increase signal quality. • Implement and operate security technologies across the enterprise, such as an endpoint security platform. • Support incident response and investigation escalations. • Proactively meet standards for information security and compliance, such as SOC 2/ISO27001. • Implement and uphold security measures across all infrastructure components. • Work cross-functionally with Product, IT, DevOps, and Engineering teams to drive secure-by-default practices. • Drive architectural and design decisions for SpyCloud’s detection program and platforms. • Mentor junior engineers and establish best practices across infrastructure and detection engineering domains.