Lead Security Engineer

At SolarWinds, we’re a people-first company. Our purpose is to enrich the lives of the people we serve—including our employees, customers, shareholders, partners, and communities. Join us in our mission to help customers accelerate business transformation with simple, powerful, and secure solutions. The ideal candidate thrives in an innovative, fast-paced environment and is collaborative, accountable, ready, and empathetic. We’re looking for individuals who believe they can accomplish more as a team and create lasting growth for themselves and others. We hire based on attitude, competency, and commitment. Solarians are ready to advance our world-class solutions in a fast-paced environment and accept the challenge to lead with purpose. If you’re looking to build your career with an exceptional team, you’ve come to the right place. Join SolarWinds and grow with us! Role Overview We are seeking a Lead SOC Engineer to serve as a key technical resource within our security operations. This role is responsible for managing complex incident response investigations, overseeing the technical output of our MSSP, and addressing vulnerabilities across our infrastructure and software supply chain. The ideal candidate will provide deep technical expertise during security events and act as a consultant to our Engineering teams to ensure a secure development lifecycle. Core Responsibilities 1. Digital Forensics Incident Response (CSIRT) Investigation Lead: Conduct end-to-end forensic analysis (host, network, and memory) for high-priority security incidents. Root Cause Analysis: Perform deep-dive assessments to identify attack vectors and provide actionable recommendations to prevent recurrence. MSSP Oversight: Act as the primary technical point of contact for our MSSP, reviewing escalated alerts for accuracy and ensuring forensic readiness. 2. Software Supply Chain Product Security CI/CD Integration: Work with Engineering and DevOps to identify and mitigate risks within build pipelines and the software development lifecycle (SDLC). Vulnerability Consultation: Translate technical vulnerabilities (SCA, SAST/DAST, and OWASP Top 10) into remediation steps for development teams. Cloud Container Security: Assess and secure containerized workloads (Kubernetes/Docker) and cloud-native services in AWS/Azure. 3. Operational Leadership Metrics Performance Tracking: Define and monitor SOC KPIs (MTTD, MTTR, and False Positive rates) to drive continuous improvement for both internal and managed services. Playbook Development: Create and maintain technical incident response playbooks and security policies that reflect the current threat landscape. Automation: Utilize Python or PowerShell to automate manual workflows and improve integration between security tools. Technical Requirements Incident Response: Extensive experience with SIEM (Sentinel/Splunk/Google SecOps), EDR (CrowdStrike/SentinelOne/Defender), and forensic toolsets (Magnet, EnCase, or similar). Vulnerability Management: Advanced knowledge of enterprise scanners (Tenable/Qualys) and experience managing vulnerabilities in a CI/CD environment. Cloud Infrastructure: Technical proficiency in AWS or Azure security architectures. Communication: Ability to communicate technical risk clearly to both IT administrators and software engineers. Preferred Certifications Incident Response: GIAC Certified Forensic Analyst (GCFA) or GIAC Certified Incident Handler (GCIH). Cloud Security: CCSP, AZ-500, or AWS Certified Security – Specialty. General: CISSP or CISM. What We Are Looking For A professional who prioritizes thorough investigation and root-cause identification over quick ticket closure. A collaborator who can partner effectively with Software Engineering to improve product security posture. A mentor who can utilize metrics and data to optimize security operations and vendor performance. SolarWinds is an Equal Employment Opportunity Employer. SolarWinds will consider all qua ... (truncated, view full listing at source)