Kharon · 4 hours ago
Security Engineer, Detection & Response
Kharon is a highly disruptive organization focused on navigating risk at the intersection of global security threats and international commerce. They are seeking a full-time Security Engineer, Detection & Response to lead the architecture and implementation of their centralized SIEM solution, develop detection rules, and enhance incident response capabilities.
Tags: Analytics, Business Intelligence, Compliance, Risk Management
Responsibilities
Lead the architecture, implementation, and configuration of our centralized SIEM solution
Design and maintain robust log ingestion pipelines from key sources such as Cloud Service Providers (AWS, GCP), Endpoint Protection, Identity and Access Management, Device Management, etc.
Develop, test, and deploy custom detection rules to identify malicious activity. Map our detection coverage against the MITRE ATT&CK framework
Triage security events and lead security incident response efforts. Build automation scripts (Python/SOAR) to enrich alerts and reduce manual toil
Relentlessly tune alerts to minimize false positives, ensuring the team focuses on genuine threats (combating alert fatigue)
Partner with DevOps and IT to ensure critical systems are generating the right telemetry and that security blind spots are illuminated. Generate automated reporting assisting with evidence collection for compliance and investigations
Qualifications
Required
5+ years in Information Security with a focus on Detection & Response, SOC Engineering, or Blue Teaming
Must possess an expert-level Linux background (Ubuntu, RHEL, Amazon Linux, etc.)
Proven experience setting up a SIEM from scratch or significantly refactoring an existing deployment (e.g., Splunk, Panther, Elastic, Datadog Security, Sumo Logic)
Expertise in SIEM-specific languages (e.g., KQL, SPL, SQL, ES|QL, OPAL)
Deep understanding of AWS security (CloudTrail, GuardDuty, VPC Flow Logs, S3, IAM) and how to detect threats in a cloud-native environment
Expertise in multi-stage data parsing (Regex, Grok, KQL Parse) to transform raw, unstructured logs into actionable security intelligence
Familiarity with telemetry from EDR tools (CrowdStrike) and Identity Providers (Okta/Google)
Proficiency in Python or Bash for automating log analysis and response tasks
Familiarity with common compliance frameworks such as SOC, ISO, GDPR, etc.
You are comfortable working with ambiguity and enjoy creating processes where none existed before
Preferred
Infrastructure as Code (Terraform) to deploy security logging infrastructure
Ethical Hacking/Penetration Testing background
Experience with Tailscale or Zero Trust networking concepts
Knowledge of Osquery for endpoint visibility
Benefits
Fully sponsored medical, dental, and vision
FSA program for both medical and dependent care
401k + Roth with matching and immediate vesting
Paid time off + 11 paid holidays
Company
Kharon
Network intelligence at the nexus of global security + international commerce
H1B Sponsorship
Kharon has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship (highlighted entry represents the job field similar to this job)]
[Chart: Trends of Total Sponsorships; 2021: 1]
Funding
Current Stage
Growth Stage
Recent News
2025-12-16 (Morningstar.com)
2025-10-15
Company data provided by Crunchbase