Security Engineer, Detection & Response

Kharon is seeking a full-time, remote-based Security Engineer, Detection & Response to join their Information Security team. The ideal candidate will have 5+ years of experience in Information Security with a focus on Detection & Response, SOC Engineering, or Blue Teaming, and will possess expert-level Linux background and experience setting up a SIEM from scratch.

Requirements

• 5+ years in Information Security with a focus on Detection & Response, SOC Engineering, or Blue Teaming
• Expert-level Linux background (Ubuntu, RHEL, Amazon Linux etc.)
• Proven experience setting up a SIEM from scratch or significantly refactoring an existing deployment (e.g., Splunk, Panther, Elastic, Datadog Security, Sumo Logic)
• Expertise in SIEM-specific languages (e.g., KQL, SPL, SQL, ES|QL, OPAL)
• Deep understanding of AWS security (CloudTrail, GuardDuty, VPC Flow Logs, s3, IAM) and how to detect threats in a cloud-native environment
• Expertise in multi-stage data parsing (Regex, Grok, KQL Parse) to transform raw, unstructured logs into actionable security intelligence
• Familiarity with telemetry from EDR tools (CrowdStrike) and Identity Providers (Okta/Google)
• Proficiency in Python or Bash for automating log analysis and response tasks
• Familiarity with common compliance frameworks such as SOC, ISO, GDPR etc.
• Infrastructure as Code (Terraform) to deploy security logging infrastructure (bonus points)
• Ethical Hacking/Penetration Testing background (bonus points)
• Experience with Tailscale or Zero Trust networking concepts (bonus points)
• Knowledge of Osquery for endpoint visibility (bonus points)

Benefits

• Fully sponsored medical, dental, and vision
• FSA program for both medical and dependent care
• 401k + Roth with matching and immediate vesting
• Paid time off + 11 paid holidays