Security Engineer

How you’ll make an impact: 

We’re looking for a hands-on Security Engineer to help protect Strata’s systems, data, and users. In this individual-contributor role, you’ll monitor and triage alerts, investigate and respond to incidents, tune and operate security tooling, and drive continuous improvements through detection, hardening, and automation. You’ll collaborate closely with IT, Cloud/DevOps, and GRC teams to reduce risk and strengthen Strata’s overall security posture. Your key responsibilities will include: 

• Monitoring & Detection
• Operate and tune SIEM to improve signal quality (detections, correlation rules, dashboards, data health).
• Maintain log source onboarding and coverage across endpoints, network, identity, and cloud.
• Perform hypothesis-driven threat hunting using MITRE ATT&CK and available telemetry.
• Develop detections and enrichment pipelines; document runbooks and response playbooks.
• Monitor, tune, and explain CSPM to stakeholders
• Monitor and tune Antivirus tooling
• Incident Response
• Triage alerts, scope incidents, and execute containment, eradication, and recovery activities.
• Perform host, network, and cloud investigations; collect and preserve evidence.
• Produce clear incident reports and post-incident reviews; implement corrective actions to prevent recurrence.
• Participate in an on-call rotation for high-priority security events.
• Vulnerability & Patch Management
• Run and tune vulnerability scans; validate findings and track remediation through closure.
• Prioritize using risk-based approaches (e.g., exploitability, criticality, exposure).
• Provide actionable remediation guidance to system owners and verify fixes.
• Security Engineering & Automation
• Deploy, maintain, and optimize security controls (EDR, IDS/IPS, email security, WAF, DLP, CASB, secrets management).
• Build lightweight automations and integrations (e.g., SOAR, Python/PowerShell, APIs) to reduce MTTD/MTTR.
• Contribute to hardening baselines (e.g., CIS, NIST) and secure configuration across operating systems, identity, and network.
• Cloud & Application Security
• Monitor and investigate security events across AWS/Azure/GCP (e.g., CloudTrail/Activity Logs, workload telemetry).
• Support guardrails and policy as code, assist with IaC scanning, secrets hygiene, and CI/CD security where applicable.
• Governance, Risk, & Compliance Support
• Help maintain documentation, asset inventories, and control evidence for audits (e.g., SOC 2, HIPAA, PCI-DSS, ISO 27001).
• Track and report security operations metrics (coverage, detection efficacy, MTTD/MTTR).
• Collaboration & Communication
• Partner with IT, Cloud/DevOps, Compliance, Legal, and business teams to remediate findings and implement controls.
• Create clear user-facing guidance and knowledge base articles; contribute to tabletop exercises and training.

What we’re looking for: 

• 2–5+ years of experience in security operations, incident response, or blue team roles.
• Hands-on experience with SIEM (e.g., Splunk, Rapid7), EDR (e.g., CrowdStrike, SentinelOne, Carbon Black), and vulnerability management (e.g., Tenable, Qualys).
• Working knowledge of Windows, Linux, and macOS internals; common network protocols; identity systems (e.g., Okta/AD/Azure AD); and email security.
• Experience monitoring and investigating security events in public cloud (AWS, Azure, or GCP).
• Familiarity with frameworks and models such as NIST CSF, CIS Controls, and MITRE ATT&CK.
• Scripting ability in Python or PowerShell; version control familiarity (e.g., Git).
• Strong analytical, documentation, and cross-team communication skills.

You'll really wow us with: 

• Experience with SOAR platforms (e.g., XSOAR, Tines), SIEM content engineering, and threat intel enrichment.
• Exposure to forensics tooling (e.g., KAPE, Velociraptor, Volatility) and packet analysis.
• Experience supporting audits and evidence collection for SOC 2, HIPAA, PCI-DSS, or ISO 27001.
• Certifications such as GSEC, GCIA, GCED, GCIH, GCFA/GCFE, OSCP, CEH, or equivalent.

Estimated Salary Range: $89,000-105,000

Actual salary will be determined based on factors including, but not limited to, skill set and level of experience. This salary range is a good faith estimate of base pay. Strata also provides discretionary variable pay programs based on role. In addition, Strata provides a comprehensive benefits package including retirement benefits, health and welfare benefits, paid time off, parental leave, life and accident insurance, and other voluntary and well-being benefits.

Find out more about Strata benefits here.  

How we work:
The preferred location for this role is in Chicago, IL or St. Louis, MO. We value our people spending time together and have campuses hosting in-person events located in both cities. We are truly a hybrid environment with all team members experiencing the flexibility to work from home. 

Thinking about applying?  
Research shows that women and underrepresented groups tend to apply to jobs only when they check every box on a job posting. If you’re currently reading this and hesitating to click “Apply” for that reason, we encourage you to go for it! A true passion and excitement for making an impact is just as important as work experience.

Should you require a reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please reach out to careers@stratadecision.com. 

Here @ Strata… 
Our culture is driven by our people solving problems together. We embrace learning, collaboration, and continuous career growth. Together, we lift our customers, our products, our company, and our community.  

We believe that each of our team member’s unique perspectives and experiences is what drives innovation and positive change. Our individual differences are what make us a more forward-thinking organization. We foster a culture of inclusion, equity and belonging, regardless of race, religion, disability, sex, sexual orientation, gender identity or national origin.  

Our Core Values:
While we celebrate what makes each member of our team unique, our core values are what connect us. They set clear expectations for how we approach our work and how each of us can positively influence the experience of our team and our customers.

• We connect with positive intent.
• We are helpful.
• We own it.
• We get better every day.
• We are humble.