Apply on Employer Site

Truveta · 2 hours ago

Senior Security Engineer

Greater Seattle Area

Full-time

Onsite

Senior Level

$135K/yr - $180K/yr

5+ years exp

Truveta is the world’s first health provider led data platform with a vision of Saving Lives with Data. This role is critical in ensuring security and compliance by designing, implementing, and supporting solutions that enhance the company's Digital Workplace strategy.

AnalyticsData ManagementHealth Care

No H1B

Responsibilities

Handle investigation and response to security incidents across endpoints, identities, email, cloud workloads, and SaaS applications

Act as a senior escalation point for SOC analysts during complex or ambiguous security events

Participate in on-call rotations and provide senior-level escalation support when needed

Lead or contribute to post-incident reviews (RCA, postmortems) and track remediation actions to completion

Ensure incidents are accurately documented for audit, compliance, and operational learning

Maintain and improve incident response runbooks, playbooks, and escalation procedures

Support incident readiness activities, including tabletop exercises and response drills

Develop, tune, and maintain Microsoft Sentinel analytics rules to improve detection quality and reduce false positives

Design and optimize KQL queries for investigations, threat hunting, and detection engineering

Integrate and maintain log sources and data connectors in Microsoft Sentinel, ensuring data quality and proper normalization

Build and maintain SOAR automation and playbooks (Logic Apps) for alert enrichment, triage, and response

Perform proactive threat hunting across Microsoft Sentinel and Defender data to identify emerging or stealthy threats

Monitor and continuously improve detection coverage and security posture (e.g., Secure Score, exposure signals)

Track and report on SOC and incident metrics such as MTTD, MTTA, MTTR, alert volume, and detection effectiveness

Partner with engineering and infrastructure teams to drive long-term remediation and risk reduction

Contribute to the continuous improvement of SOC tooling, automation, and operational maturity

Help define and improve SOC processes, workflows, and standards

Mentor and guide SOC analysts and junior engineers through investigations and response activities

Stay current on threat intelligence, attacker techniques (MITRE ATT&CK), and the Microsoft security roadmap

Qualification

Microsoft SentinelKQLIncident ResponseAzure cloud architectureSOAR automationMITRE ATT&CKCommunication skillsMentorship

Required

The knowledge, skills, and abilities typically acquired through the completion of a Bachelor's degree in Cyber Security, Computer Science, Information Security, Information Systems, or a related field, or equivalent practical experience

5+ years of experience in Security Operations (SOC), Incident Response, or Detection & Response role, with demonstrated ownership of complex security incidents

Hands-on experience with Microsoft Sentinel (SIEM) and Microsoft Defender XDR (Defender for Endpoint, Identity, Office 365, Cloud Apps)

Proficiency in KQL (Kusto Query Language) for investigations, threat hunting, and detection engineering

Experience designing, tuning, and maintaining SIEM detections and SOAR automation, including alert triage and response workflows

Solid understanding of Azure cloud architecture, core services, and native security controls

Familiarity with Azure Entra ID, identity security concepts, RBAC, and IAM-related threats

Experience with handing high-severity security incidents, including cross-team coordination and stakeholder communication

Familiarity with MITRE ATT&CK, threat actor techniques, and modern attack methodologies across cloud, identity, and endpoint environments

Experience supporting on-call rotations and working in a 24/7 or follow-the-sun SOC environment

Strong written and verbal communication skills, with the ability to explain technical issues to both technical and non-technical audiences

Ability to mentor junior analysts and contribute to the continuous improvement of SOC processes and tooling

Preferred

Relevant certifications such as Microsoft Security Operations Analyst Associate, Azure Security Engineer Associate, SC-200, SC-100, CySA+, GCIH, GCIA, CISSP, or similar are strongly preferred

Benefits

Great benefits package

Comprehensive benefits with strong medical, dental and vision insurance plans

401K plan

Professional development & training opportunities for continuous learning

Work/life autonomy via flexible work hours and flexible paid time off

Generous parental leave

Regular team activities (virtual and in-person)

Company

Truveta

Truveta is a healthcare data platform that provides EHR data for scientific research.

Founded in 2020

Bellevue, Washington, USA

201-500 employees

https://www.truveta.com

Funding

Current Stage

Growth Stage

Total Funding

$515M

Key Investors

Microsoft

2025-01-13Series C· $320M

2021-11-09Series Unknown· $100M

2021-09-29Corporate Round

Leadership Team

Terry Myerson

CEO and Co-founder

Jay Nanduri

Chief Technical Officer & Co-Founder

Recent News

GlobeNewswire

Truveta launches Truveta Live Link

2026-01-14

GeekWire

Here’s where Seattle ranks among U.S. cities based on capital raised

2026-01-12

GlobeNewswire

New Truveta research published in JAMA Network Open reveals declining timeliness in childhood MMR vaccination and identifies early predictors of missed immunizations

2026-01-03

Company data provided by crunchbase