About the Role

We are looking for a founding Senior Security Operations Engineer to join Clipboard Health and shape the future of our security operations. As the first hire in this function, you will have the unique opportunity to define and improve security operations processes and systems. This role will focus on operational security work at Clipboard, including bolstering our situational awareness, automating cloud security detection and response capabilities, improving the security posture of 3rd party tools, and ensuring that security issues are handled as they arise. The culture is high-autonomy and high-trust, valuing speed and impact. We are looking for candidates with SIEM management and security D&R experience in web and cloud environments.

This is a 100% remote role, open exclusively to individuals who are legally authorized to work within the United States.

Key Responsibilities

• Security Operations, Investigation, and Incident Response

  • Lead investigations into security alerts and reported security events in a cloud-based environment.

  • Automate investigation workflows and integrate tools to accelerate response times and reduce manual intervention.

  • Serve as the Incident Commander, driving response efforts during security incidents, from containment through recovery and post-mortem analysis.

  • Define, document, and continuously improve security operations playbooks to ensure rapid and effective handling of security events.

  • Partner with IT and support teams on refining procedures relating to security.

• SIEM Management

  • Develop and implement SIEM detections and alerting mechanisms using Terraform, Datadog, and other security tools.

  • Onboard, enrich, and normalize diverse log sources across cloud environments, applications, and endpoints.

  • Collaborate with engineering teams to instrument deployed resources with tooling, enhance security auditing capabilities, and improve visibility in our environment.

• Vulnerability Management

  • Manage vulnerability tracking and reporting, ensuring vulnerabilities are tracked and assigned across teams.

  • Negotiate acceptable remediation approaches and prioritization with owning teams.

  • Drive remediation efforts, ensuring timely and thorough patching of identified security weaknesses.

• Vendor Platform & Service Security

  • Evaluate and enhance the security posture of third-party services and integrations (e.g., Google Workspace, Slack, Zapier), ensuring optimal configuration and ongoing monitoring.

  • Monitor and respond to phishing emails and other security threats within Google Workspace.

Requirements

Need to Have:

• At least 5 years of security incident response experience, such as working in a SOC or on a CIRT/DIRT team.

• Experience leading security incidents as the incident commander.

• Investigate security events, coordinating with other teams and organizations as needed.

• Build high-confidence, low-noise security detections and alerts.

• Experience with major cloud providers, such as AWS or GCP, and cloud technologies like Docker.

• Comfortable with the Linux command line and able to use scripting languages to accelerate workflows, like Bash and Python.

• Knowledge of web & cloud vulnerability categories and familiarity with CVSS.

• Strong understanding of SaaS platform security, including access controls and phishing prevention.

• Pragmatically balance business needs against security risk.

• Clear written communication, including correspondence with internal stakeholders and third parties through documents, Slack messages, and emails.

Nice to Have:

• Experience with infrastructure-as-code for writing detections, particularly Terraform.

• Experience conducting vendor security reviews.

• Ability to properly configure SAML SSO integrations.

• Experience with systems administration or software development.

• Experience working in high growth tech environments