Software Engineer II, Cybersecurity Opertaions

Candidates for this position are preferred to be based in Bangalore, India and will be expected to comply with their team's hybrid work schedule requirements.

Who We are:

Wayfair is the online leader for home furnishings and decor. Through technology and innovation, Wayfair makes it possible for shoppers to quickly and easily find exactly what they want from a selection of more than 8 million items across home furnishings, décor, home improvement, housewares and more.

Wayfair operates a growing Security Operations Center and we’re looking for a talented Security Engineer to join and help grow our team. Our Security Operations team is tasked with monitoring and protecting Wayfair from an ever growing number of security risks, and finding new and creative ways to do so. We have a strong focus on engineering and innovation, and are seeking individuals who love to find new problems and hate fixing the same problem twice.

What You’ll Do

• In this role you will work closely with the cyber security organization to build monitoring and response tooling and processes to reduce our mean-time-to-detect and remediate to keep up with threat actors changing tactics, techniques, and procedures (TTPs)
• Logging - Gather all security relevant cloud, infrastructure and application logs parsed, and into our SIEM
• Detection - Setup detection and prevention rules and policies, PoC and deploy tools that help with detection, tune/audit deployed rules/policies in security tools on true and false positives, setting up a detection framework
• Response - Build plan and procedures for Incident Response, create playbooks to be followed, automate response, develop/deploy malware analysis tools and techniques, forensic tools and techniques to capture evidence/malware, PoC and deploy tools that help with response, integrate with customer service teams and engineering teams etc.
• Build security alerts & dashboards in various incident response tools. Monitor for suspicious activities/alerts in the cloud/infrastructure/application from various sources such as internal reports from employees as well as external reports such as customers/social media, vendors, partners, bug bounty programs etc., deployed/integrated security tools, data visualization tools etc.
• Build and maintain security infrastructure tooling that supports continuous SOC operations and vulnerability management
• As needed, support the response to security alerts and incidents, and take appropriate action to remediate and resolve

We Are a Match Because You Have:

• 3-5 years experience working in cyber security operations
• Understanding of the threat landscape, the latest security trends, attack vectors for corporate and cloud environments, and how build detection and response tooling to identify and respond to malicious actors
• Experience with SOAR/SIEM technologies
• Experience with incident detection and remediation
• Working knowledge of threat vectors, vulnerabilities, and what anomalies to look for
• Working knowledge of Linux and/or Windows logs & indicators
• Python experience to build and automate tooling
• Experience writing SIEM logging parsing rules
• Experience with incident response and monitoring tools, such as SIEM, EDR, cloud monitoring, etc.
• Strong communication skills to describe challenges and roadblocks when building and maintaining our security operations tooling and logging
• Understanding of cyber security best practices and frameworks such as NIST, MITRE, ATT&CK Framework, and OWASP Top 10