Security Operations Engineer

About Mesh At Mesh, our mission is to enable consumers to pay and be paid with any asset. Today, trillions of dollars in tokenized assets exist but remain largely unusable for everyday commerce. Mesh is bridging this gap by making crypto payments reliable, useful, and ubiquitous. We combine a powerful orchestration engine with a seamless consumer app to unlock liquidity for the world. Backed by leading investors like PayPal Ventures, Paradigm, and Galaxy Ventures, we are building the infrastructure for the next era of the global economy. Join us! Overview As a Security Operations Engineer, you will be the day-to-day operator and custodian of our security monitoring infrastructure, responsible for writing and tuning detections, integrating new log sources, investigating security incidents, and escalating threats with precision and speed. This is a hands-on technical role where you own the security operations platform (SIEM/SOAR), build detection logic that catches real threats, and drive rapid incident response across our infrastructure. You will work autonomously to maintain visibility across the organization's security posture, identify emerging threats, and ensure that detection rules evolve as our threat landscape changes. This role bridges security engineering and incident response, requiring both technical depth in detection engineering and operational discipline in investigation and escalation workflows. What You'll Do Own Security Operations Platform Management by administering, configuring, and maintaining SIEM/SOAR platforms as the central nervous system for threat detection and incident response. Engineer Detection Rules and Alerts by writing, tuning, and optimizing detection queries to identify real security threats while minimizing false positives. Integrate New Log Sources by designing and implementing parsers, log ingestion pipelines, and data normalization for new security tools and infrastructure components. Conduct Security Investigations by analyzing alerts, performing forensic analysis of security events, and determining true positive vs. false positive findings. Manage Incident Escalation by evaluating incident severity, escalating to senior engineers when needed, and maintaining clear communication with stakeholders during active incidents. Maintain Detection Coverage by continuously assessing detection gaps, analyzing threat intelligence for emerging attack patterns, and extending detection rules to address new threats. Optimize Security Operations by identifying bottlenecks in alerting and investigation workflows, proposing process improvements, and implementing automation to reduce mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR). Document Investigations and Incidents by creating clear, detailed incident reports that support post-incident reviews and contribute to institutional knowledge. Collaborate on Threat Response by working with security engineers, infrastructure teams, and incident responders to contain and remediate active threats. Support Compliance and Evidence Collection by ensuring security events are properly logged, archived, and available for audit and regulatory requirements. Maintain Operational Readiness by staying current on emerging threats, attack techniques, and detection methodologies relevant to our infrastructure and threat model. Who You Are Bachelor’s degree in Computer Science, Cybersecurity or a related field. 5–7+ years of hands-on experience in security operations, threat detection or incident response. Strong experience administering and tuning SIEM/SOAR platforms in production environments. Proven ability to write and optimize detection rules (e.g. SPL, KQL or similar query languages). Deep understanding of network, host, application and cloud security concepts. Solid experience investigating security incidents and performing forensic analysis. Strong written and verbal communication skills, with the ability to clearly document findings a ... (truncated, view full listing at source)