Senior Security Engineer

Requirements

• Experience with detection engineering frameworks (e.g., MITRE ATT&CK).
• Experience building SOAR or response automation.
• Experience in healthcare, biotech, or other regulated environments.
• Security certifications such as CISSP, GIAC, GCED, GCIA, or cloud security certifications.
• Hybrid Work Model: This section is applicable to onsite employees who are eligible for hybrid work location as specified by management and related policies. Guardant has defined days for in-person/onsite collaboration and work-from-home days fo

Benefits

Additional Information

Company Description Guardant Health is a leading precision oncology company focused on guarding wellness and giving every person more time free from cancer. Founded in 2012, Guardant® is transforming patient care and accelerating new cancer therapies by providing critical insights into what drives disease through its advanced blood and tissue tests, real-world data and AI analytics. Guardant tests help improve outcomes across all stages of care, including screening to find cancer early, monitoring for recurrence in early-stage cancer, and treatment selection for patients with advanced cancer. For more information, visit guardanthealth.com and follow the company on LinkedIn , X (Twitter) and Facebook . Position Summary: The Senior Security Engineer, reporting to the Associate Director of Security Engineering, will be responsible for designing, building, and operating Guardant Health's security logging, detection, and response capabilities. This role is highly focused on security data engineering, SIEM architecture, detection engineering, and incident response, with a strong emphasis on cloud and endpoint visibility. You will be a hands-on technical leader working across SOC and Security Engineering disciplines to evolve how Guardant Health detects and responds to threats. This role offers the opportunity to wear many hats - from building scalable logging pipelines and modernizing our SIEM, to crafting high-fidelity detections and responding to real-world incidents. You'll also help shape our emerging strategy around AI-powered defense, including how we securely log, monitor, and assess AI and agent activity across the enterprise. Essential Duties and Responsibilities: Design, build, and operate scalable security logging and data pipelines for on-prem, cloud, endpoint, identity, and SaaS platforms. Serve as the SIEM subject matter expert, including architecture, onboarding of new log sources, data normalization, performance tuning, and cost optimization and regulatory requirements. Develop and maintain high-fidelity threat detection content, including rules, analytics, and behavioral detections across endpoint, cloud, and identity data. Own and enhance detection engineering workflows, including testing, tuning, false-positive reduction, and coverage analysis. Manage and optimize EDR tooling (e.g., CrowdStrike), including telemetry ingestion, detections, response actions, and integrations with the SIEM. Support and participate in incident response, including investigation, containment, eradication, and post-incident reviews. Build dashboards, metrics, and reports to measure detection coverage, SOC effectiveness, and security posture. Monitor and help secure AWS and cloud-native environments, including CloudTrail, VPC Flow Logs, workload logs, and SaaS integrations. Evaluate and implement AI-assisted security capabilities for defense and detection, while also defining how AI systems, agents, and usage are logged, monitored, and assessed for risk. Develop documentation, runbooks, and operational playbooks for SOC and security engineering workflows. Partner closely with IT, cloud, infrastructure, threat & vulnerability, and security architecture teams. Mentor junior engineers and provide technical leadership within the SOC and security engineering functions. Stay current on emerging threats, detection techniques, attacker tradecraft, and security data engineering best practices. Required Qualifications: 5+ years of experience in security engineering, security operations, or detection engineering. Deep hands-on experience with SIEM platforms, including building detections and managing large-scale log ingestion. Strong experience migrating or modernizing SIEM and logging architectures. Proven experience with EDR platforms, preferably CrowdStrike. Have led SIEM migrations, including planning, data model mapping, detection parity, and validation. Strong background in threat detection and incident response within a SOC environment. Experience designing and operating security logging pipelines at scale. Hands-on experience securing AWS and cloud environments. Experience working with identity and access logs, including Okta. Understanding of AI and machine-learning use cases in security, including detection, automation, and governance considerations. Strong written and verbal communication skills. Ability to work independently and collaboratively in a fast-paced environment.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Guardant Health? Share your experience