[Remote] Senior Security Engineer
Note: The job is a remote job and is open to candidates in the USA.

Sandisk is a leading company in the computer hardware industry, known for its innovative solutions in data consumption. They are seeking a highly experienced Senior Security Engineer to design and improve the security tooling ecosystem for their Security Operations Center (SOC), focusing on the reliability and effectiveness of SOC platforms.

Responsibilities

- Engineer, deploy, and maintain all core SOC platforms, including:
  - Malware analysis and sandboxing solutions
  - Analyst workstation environments (Windows investigation VMs)
  - Endpoint Detection & Response (EDR/XDR)
  - Email Security Engineering
  - Vulnerability Scan Engineering
- Act as technical owner for SOC platforms, including alignment with architecture requirements, lifecycle management, upgrades, and decommissioning
- Ensure SOC platforms are engineered for scale, reliability, performance, and forensic integrity
- Partner with IT and platform teams to resolve dependency, access, and infrastructure issues impacting SOC operations
- Own EDR platform engineering, configuration, and operational health across the enterprise
- Define and enforce EDR hygiene standards (sensor coverage, policy consistency, versioning, asset attribution)
- Monitor EDR health metrics and proactively remediate gaps impacting detection or response efficacy
- Develop testing frameworks to validate EDR detections, policies, and response actions
- Serve as a technical owner of detection engineering, enabling high-fidelity detections through better tooling, telemetry, and data quality
- Validate that endpoint, sandbox, and supporting tooling generate the telemetry required to support detection logic and investigations
- Collaborate on detection validation, tuning, and testing pipelines
- Translate emerging threats and attacker techniques into tooling and telemetry requirements
- Engineer and maintain malware detonation and analysis environments that support safe, repeatable analysis
- Support SOC and IR teams with tooling for static and dynamic malware analysis
- Improve sandbox fidelity to better represent enterprise environments and common attacker tradecraft
- Assess new attacker techniques, malware families, and evasion tactics for detection and prevention opportunities across the enterprise
- Identify gaps where tooling or configurations do not adequately surface malicious behavior
- Evaluate new security tools and capabilities to address detection, analysis, or response gaps
- Provide engineering-backed recommendations grounded in operational SOC realities
- Automate routine SOC operations including health checks, validation, deployments, and reporting
- Develop scripts and tooling (PowerShell, Python, etc.) to reduce manual overhead and analyst toil
- Improve reliability through monitoring, alerting, and failure-mode testing of SOC platforms
- Author and maintain engineering documentation for SOC platforms, architectures, and configurations
- Define technical standards and guardrails for SOC platform usage and integrations
- Support audits, tabletop exercises, and incident reviews from a tooling and telemetry perspective

Skills

- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or equivalent practical experience
- 5–10+ years of experience in security engineering, detection engineering, or advanced SOC technical roles
- Demonstrated experience supporting SOC operations through engineering and platform ownership
- Deep hands-on experience with EDR/XDR platforms (e.g., CrowdStrike, Defender, SentinelOne)
- Experience engineering SOC platforms rather than only consuming alerts (platform ownership mindset)
- Strong understanding of Windows internals, Linux operating systems, and server infrastructure, including endpoint and host-level telemetry, process execution, persistence mechanisms, and administrative activity across workstation and server environments
- Experience supporting malware analysis and sandboxing environments
- Familiarity with SOC workflows, detection pipelines, and incident response requirements
- Strong scripting and automation skills (PowerShell, Python)
- Solid grasp of attacker TTPs mapped to the MITRE ATT&CK framework
- Experience integrating SOC platforms with SIEM, SOAR, or case management platforms
- Exposure to vulnerability management and scanning platforms
- Experience designing detection validation or purple-team style testing
- Relevant certifications (GIAC, GREM, GCED, GCIA, OSCP) preferred but not required

Benefits

- Paid vacation time
- Paid sick leave
- Medical/dental/vision insurance
- Life, accident and disability insurance
- Tax-advantaged flexible spending and health savings accounts
- Employee assistance program
- Other voluntary benefit programs such as supplemental life and AD&D, legal plan, pet insurance, critical illness, accident and hospital indemnity
- Tuition reimbursement
- Transit
- The Applause Program
- Employee stock purchase plan
- Sandisk's Savings 401(k) Plan

Company Overview

Sandisk is a leading developer, manufacturer and provider of data storage devices and solutions based on NAND flash technology. It was founded in 1988 and is headquartered in Milpitas, California, USA, with a workforce of 5001-10000 employees. Its website is https://www.sandisk.com.

Company H1B Sponsorship

Sandisk has a track record of offering H1B sponsorships, with 16 in 2026 and 210 in 2025. Please note that this does not guarantee sponsorship for this specific role.