What we are looking for

Aurora hires talented people with diverse backgrounds who are ready to help build a transportation ecosystem that will make our roads safer, get crucial goods where they need to go, and make mobility more efficient and accessible for all.

We're searching for a Staff Security Platform Engineer to join our Enterprise Security Engineering team, reporting to the Technical Lead Manager of Security Engineering.

Aurora is scaling its autonomous trucking operations, and we need someone who makes our security tools actually work, not just deployed, but deeply configured, continuously tuned, and fully leveraged. This role is for the practitioner who has spent their career living inside security platforms: the person who knows their EDR better than the vendor's own support team, who can write a SIEM query from memory, and who instinctively knows when an alert is misfiring and exactly why.

This is not a software engineering role. It's a role for an elite security operator — someone with the instincts of a seasoned SOC analyst and the technical depth to own the platforms that power detection, response, and protection at enterprise scale. If you find deep satisfaction in mastering a tool, closing a coverage gap, or hunting down a threat that nobody else noticed, this role was written for you.

In this role you will

• Own the operational health, configuration, and continuous improvement of Aurora's enterprise security platform stack — including EDR/XDR, MDM, SIEM, DLP, IAM/IGA, DNS security, Email security, and PKI — ensuring each tool is tuned, policy-complete, and delivering reliable signal.
• Develop and refine detection rules, correlation logic, and alert policies, reducing noise while ensuring Aurora maintains high-fidelity coverage against real threats.
• Conduct proactive threat hunting across Aurora's security telemetry — forming hypotheses, querying logs, and investigating anomalies before they surface as incidents.
• Serve as the deepest internal expert on Aurora's enterprise security tooling, acting as the escalation point for complex platform issues, misconfigurations, and detection failures.
• Participate in the team's on-call rotation, leading deep-dive investigations into security alerts and incidents and driving triage, containment, and root cause analysis.
• Continuously audit and validate that existing security controls are configured to actually do what they're supposed to do — not just deployed and forgotten.
• Maintain operational runbooks, detection documentation, and platform configuration records, ensuring the team can operate consistently and scale institutional knowledge.

Required qualifications

• 12+ years of hands-on experience in enterprise security operations, security platform administration, or a senior SOC engineering role — with a career built on deep operational ownership of security tooling rather than software development.
• Expert-level proficiency administering and operating at least two enterprise security platforms (e.g., CrowdStrike, SentinelOne, Splunk, Panther, Sentinel, Jamf, Kandji/Iru, Puppet, WorkspaceONE, Intune, Zscaler, Okta, Proofpoint, Wiz, osquery), with strong working knowledge across several others.
• Demonstrated ability to tune and optimize security platforms beyond out-of-the-box configurations — writing custom detection logic, adjusting policy sets, and validating control effectiveness.
• Strong log analysis and threat hunting skills: you know how to build a hypothesis, write the query, follow the thread, and know when to escalate.
• Experience conducting thorough incident investigations — triage, containment, root cause analysis, and post-incident review — and communicating findings clearly to technical and non-technical stakeholders.
• Ability to assess security control effectiveness: not just "is this tool deployed" but "is it configured correctly, covering the right scope, and generating actionable signal."
• Comfort working under pressure in ambiguous, fast-moving situations with competing priorities.

Desirable qualifications

• Scripting ability for automation, log parsing, or workflow improvement (Python, Bash, or similar) — you don't need to be a software engineer, but you can write a script when it saves you an hour.
• Deep familiarity with MITRE ATT&CK as an operational tool for detection gap analysis and threat hunting hypothesis development.
• Experience with AWS security telemetry (CloudTrail, GuardDuty, Security Hub) and integrating cloud signals into a corporate SIEM.
• Familiarity with Zero Trust and identity-centric security models as they apply to policy enforcement in IAM and endpoint platforms.
• Platform-specific certifications such as CrowdStrike Certified Falcon Administrator, Splunk Core Certified Power User, or equivalent — or practitioner certifications like GCIH, GCIA, GCFE, or GCFA.

The base salary range for this position is $189,000 - $274,000 per Year. Aurora’s pay ranges are determined by role, level, and location. Within the range, the successful candidate’s starting base pay will be determined based on factors including job-related skills, experience, qualifications, relevant education or training, and market conditions. These ranges may be modified in the future. The successful candidate will also be eligible for an annual bonus, equity compensation, and benefits.

About the Role

We are seeking a GRC Automation Lead to join our GRC organization and build the technical foundation for how we scale our risk and compliance programs. In this role, you will lead the team that designs and implements automated workflows, data pipelines, and integrations that transform manual compliance processes into scalable engineering systems. 

This is a greenfield opportunity to establish the team, architecture, and integrations that will define how we approach governance, risk, and compliance at Anthropic. The core challenge is a data problem: compliance information lives across dozens of systems—cloud infrastructure, identity providers, HR platforms, ticketing tools, code repositories—and your job is to design systems that bring it together, normalize it, and make it actionable. Success in this role comes from understanding how systems connect and how data flows between them, not from writing code yourself.

At Anthropic, you'll also have a unique advantage: the ability to design AI-powered workflows where Claude acts as an extension of your team, handling tasks that would traditionally require additional headcount or manual effort. You'll need ingenuity to identify where agentic AI can accelerate evidence collection, interpret unstructured data, triage compliance gaps, and augment human judgment in risk assessments. Working closely with Security, IT, and Engineering teams, you'll translate compliance and regulatory requirements into solutions that support audit programs including SOC 2, ISO, HIPAA, and FedRAMP, building systems that combine traditional automation with AI capabilities to achieve scale that wouldn't otherwise be possible.

Responsibilities: 

• Lead the team that establishes foundational GRC processes and architecture. Design and build automated workflows for risk management and compliance, creating scalable systems that enable continuous monitoring as Anthropic grows.
• Build data pipelines that aggregate risk, control, and asset information from across our technology stack. This means solving hard data integration problems: mapping disparate schemas, handling inconsistent data quality, and creating unified views of compliance posture through dashboards and reporting tools.
• Inform GRC platform strategy and implementation: in partnership with other programs, evaluate, select, and deploy tooling that meets our compliance requirements.
• Translate written policies and compliance requirements into policy-as-code—working with Engineering and Security teams to express requirements as enforceable rules, automated checks, and continuous validation rather than static documents.
• Establish feedback loops between policy and implementation: surface where technical controls diverge from written requirements, identify where policies need to evolve based on infrastructure realities, and ensure that compliance requirements are expressed in terms engineers can act on.
• Design and deploy agentic AI workflows that extend team capacity, using Claude to serve as a virtual GRC analyst to automate evidence analysis, monitor control effectiveness, draft audit responses, interpret policy documents, and handle other tasks that require reasoning over unstructured information.
• Design and maintain integrations connecting GRC tooling with cloud infrastructure, identity management systems, HRIS platforms, ticketing systems, version control, and CI/CD pipelines—working with engineers to implement integrations that enable automated evidence collection and continuous compliance validation.
• Build and lead an AI-forward GRC engineering function as we scale: hiring team members, establishing practices, and defining the technical roadmap for governance and compliance automation at Anthropic.

You may be a good fit if you:

• Have 12+ years of total experience and 3-4+ years of experience managing technical individual contributors or systems-focused teams, with a proven track record of building or scaling small teams (2-5 people) in security, compliance, automation, or operations functions.
• Are a systems thinker first. You understand how complex environments work: how data flows between systems, where integration points exist, what breaks when systems don't talk to each other. Your strength is designing the right architecture and environment for security monitoring, not necessarily implementing it yourself.
• Have 5+ years of experience designing automated workflows, data pipelines, or system integrations, whether through traditional development, low-code platforms, GRC tools, or process automation. We care about your ability to solve integration problems more than your programming language proficiency.
• Have a relentless focus on data integration: you understand how to pull data from multiple sources, normalize it, join it meaningfully, and surface insights. You're comfortable reasoning about messy, inconsistent data and designing systems that handle edge cases gracefully.
• Understand APIs and integration patterns: REST APIs, webhooks, authentication flows, polling vs. push architectures, and can evaluate systems based on how well they expose data and support automation.
• Can work independently with minimal guidance, taking ownership of complex problems from design through implementation while managing ambiguity inherent in early-stage programs.
• Have strong analytical and problem-solving skills with attention to detail necessary for compliance work, balanced with pragmatism about risk-based prioritization in fast-paced environments.

Strong candidates may have:

• Experience designing or implementing AI-powered automation, agentic workflows, or LLM-based tooling in operational contexts.
• Experience with GRC platforms such as ServiceNow GRC, Vanta, Drata, OneTrust, RSA Archer, or similar tools including configuration, customization, and integration capabilities
• Familiarity with scripting languages (Python or similar) for automation tasks, API interactions, and data transformation.
• Prior experience in high-growth startup environments demonstrating ability to build scalable processes and adapt quickly to changing requirements and priorities
• Familiarity with Infrastructure as Code tools (Terraform, CloudFormation, Ansible) and DevSecOps practices including CI/CD pipeline integration and policy-as-code implementations.
• Familiarity with cloud platforms (AWS, GCP, Azure) and an understanding of how compliance-relevant data can be extracted from their APIs and logging systems.

Deadline to apply: None, applications will be received on a rolling basis.

ABOUT THE TEAM

Anduril's Detection and Response team is looking for a Security Operations Analyst to be the watchtower for Anduril's critical defense technologies. As a SecOps Analyst on the detection and response team, you'll be responsible for monitoring and responding to adversarial activity while helping incorporate key detection feedback loops with the detection engineering team. As a Senior SecOps Analyst, you will serve as an incident commander alongside other senior analysts. When not responding to threats, you'll be asking questions of our data sets, conducting threat hunting and data normalization operations across the organization to understand user behavior and identify anomalies. 

WHAT YOU'LL DO

• Triage and respond to alerts / incidents covering multiple disciplines including, but not limited to, phishing, endpoints, cloud infrastructure and services, and SaaS applications
• Build and optimize tailored detection signatures, response playbooks, and response automation using detection-as-code principles
• As the frontline of DNR, you will lead the feedback loop for detections, ensuring alerts are fine tuned to reduce false positives
• Participate in threat modeling scenarios with cross-functional partners to understand weaknesses across Cloud, Mobile, Endpoints, and other environments incorporating findings into security controls and/or detection signatures
• Organize and conduct threat hunting and data baselines to identify anomalous patterns in data
• Participate in an on-call rotation responding to security events and conducting incident response investigations while effectively communicating findings to key stakeholders. As a Senior SecOps Analyst, you will serve as an incident commander as necessary.
• Proactively collaborate with a wide range of stakeholders, guiding detection and response maturity of key worlds, leading incidents and large-scale data baselines, and being responsible with mentoring and guiding junior analysts.

REQUIRED QUALIFICATIONS

• Experience in security monitoring, log analysis, and detection engineering within large data sets across endpoint, network, and a wide variety of application log sources
• Experience in Python development, specifically contributing to a shared codebase used for automating SOC operations
• Must have experience with one or more SIEM languages (SPL, KQL, SQL)
• Experience conducting analysis in a data lake environment
• Broad range of practical security knowledge across the spectrum of endpoint, network, identity, application, and cloud infrastructure
• Knowledge of attacker tactics, techniques, and procedures (TTPs) across Windows, Linux, MacOS, AWS/Azure, etc.
• Strong communication skills and experience collaborating with internal and external stakeholders
• Must be able to obtain and hold a U.S. Top Secret security clearance

PREFERRED QUALIFICATIONS

• Experience conducting incident response in the Cloud (AWS, Azure, GCP)
• Digital Forensics and/or reverse engineering experience is a plus!

Position Summary

Do you like securing complex cloud services and infrastructure? Want to be a part of a collaborative team that builds solutions that protect some of the biggest networks in the world? ExtraHop is seeking a Sr. Product Security Engineer, experienced with modern cloud system development and infrastructure-as-code practices to build and operate product security program capabilities, tools, and processes that allow us to keep pace with a rapidly changing security landscape, reduce security risk and enable organizational success.

We're looking for candidates with a mix of cloud security, infrastructure security, security information and event management (SIEM) technologies, DevOps, and software development experience, who enjoy working in a collaborative environment and taking direct action to identify, remediate and prevent vulnerabilities and security issues.

You must have experience securing cloud environments and modern computing infrastructure, deploying and operating SIEM tools, and strong familiarity with Infrastructure-as-Code and container technologies.

Key Responsibilities

• Implement and operate Splunk Cloud Platform and Enterprise Security, including setting up log ingestion from required source systems and ensuring correct parsing and categorization of log events for effective SIEM operations
• Implement and operate endpoint detection and response (EDR) and network detection & response (NDR) solutions
• Develop system configuration and hardening standards and coordinate with other teams to ensure compliance with those standards
• Define standards for secure configuration of application and infrastructure components
• Perform threat modeling, security design reviews, code reviews, and consultations with other staff
• Build and improve vulnerability management processes and tooling to support system owners to successfully remediate issues
• Perform, automate and streamline patching and vulnerability remediation activities
• Develop and deliver training on cloud security issues, best practices and internal policies
• Select, implement and manage cloud security tools including cloud security posture management (CSPM), network/host/container/IaC vulnerability scanners and configuration auditing
• Participate in manual pen testing of new + existing systems
• Perform and/or lead security investigation and incident response activities
• Participate in an on-call rotation with occasional after-hours paging to review carefully prioritized security detections

Required Qualifications

• Bachelor’s degree or equivalent experience in computer science, engineering, or information technology
• 8+ years of experience in security engineering, software development and/or DevOps, with a focus on securing complex systems and modern cloud infrastructure
• Strong experience securing AWS cloud platform and services, including the implementation of guardrails using service control policies (SCPs), IaC policies, CSPM, or similar strategies
• Experience implementing Splunk Enterprise Security to monitor cloud-based systems
• Experience working with container-based environments (Kubernetes, Docker, LXC, etc.)
• Experience securing cloud-based web applications, APIs, data and infrastructure
• All R&D Employees will be required to attend 2 mandatory in-person events every year. These events are typically held in our offices in downtown Seattle and run 4-5 days each
• Must be a U.S. citizen or national, U.S. permanent resident (current Green Card holder) or lawfully admitted into the U.S. as a refugee or granted asylum
• Note: employees, including fully remote staff, are expected to attend two in-person events every year. These events are typically held in our offices in downtown Seattle and run 4-5 days each

Preferred Qualifications

• Experience securing software-as-a-service (SaaS) and cloud service offerings
• Experience with meeting FedRAMP, NIST SP 800-53 and similar compliance requirements
• Experience deploying or managing EDR and NDR solutions (such as ExtraHop RevealX)
• Experience securing Google Cloud Platform (GCP) and Azure 
• Experience working in a security operations center (SOC) and/or leading security incident response activities
• Solid knowledge of Kubernetes, Git, Python, Terraform, Ansible, and the use of scripting in support of security automation, CI/CD pipelines

The salary range for this role is $150,000 - $180,000 + bonus + benefits. 

Senior Security Engineer

Truveta is the world’s first health provider led data platform with a vision of Saving Lives with Data. Our mission is to enable researchers to find cures faster, empower every clinician to be an expert, and help families make the most informed decisions about their care. Achieving Truveta’ s ambitious vision requires an incredible team of talented and inspired people with a special combination of health, software and big data experience who share our company values. 

This position is based out of our headquarters in the Greater Seattle Area and requires onsite presence 5 days per week. #LI-onsite

Who We Need

Truveta is rapidly building a talented and diverse team to tackle complex health and technical challenges. We are seeking candidates inspired by the opportunity to securely apply data in the development of real-world health solutions. Beyond core capabilities, we seek problem solvers, passionate and collaborative teammates, and those willing to roll up their sleeves while making a difference. We do things the right way. Our commitment to security and compliance assurance cannot be stressed enough. This position is critical to ensuring we are successful.

If you are interested in the opportunity to pursue purposeful work, join a mission-driven team, and build a rewarding career while having fun, Truveta may be the perfect fit for you.

This Opportunity   

Success in the healthcare industry is predicated on a foundation of trust. We demonstrate our trustworthiness as stewards of health data through three foundational pillars: security, privacy, and compliance.

The successful candidate will design, implement and support solutions that support the company’s Digital Workplace strategy. They will work on leading edge technologies that help modernize endpoint management by leveraging the cloud to quickly deliver end-user improvements.

Responsibilities

Incident Response 

• • Handle investigation and response to security incidents across endpoints, identities, email, cloud workloads, and SaaS applications
  • Act as a senior escalation point for SOC analysts during complex or ambiguous security events
  • Participate in on-call rotations and provide senior-level escalation support when needed
  • Lead or contribute to post-incident reviews (RCA, postmortems) and track remediation actions to completion
  • Ensure incidents are accurately documented for audit, compliance, and operational learning
  • Maintain and improve incident response runbooks, playbooks, and escalation procedures
  • Support incident readiness activities, including tabletop exercises and response drills

Detection Engineering & Automation

• • Develop, tune, and maintain Microsoft Sentinel analytics rules to improve detection quality and reduce false positives
  • Design and optimize KQL queries for investigations, threat hunting, and detection engineering
  • Integrate and maintain log sources and data connectors in Microsoft Sentinel, ensuring data quality and proper normalization
  • Build and maintain SOAR automation and playbooks (Logic Apps) for alert enrichment, triage, and response

Proactive Security & Posture

• • Perform proactive threat hunting across Microsoft Sentinel and Defender data to identify emerging or stealthy threats
  • Monitor and continuously improve detection coverage and security posture (e.g., Secure Score, exposure signals)

SOC Maturity & Collaboration

• • Track and report on SOC and incident metrics such as MTTD, MTTA, MTTR, alert volume, and detection effectiveness
  • Partner with engineering and infrastructure teams to drive long-term remediation and risk reduction
  • Contribute to the continuous improvement of SOC tooling, automation, and operational maturity
  • Help define and improve SOC processes, workflows, and standards

Mentorship & Continuous Learning

• • Mentor and guide SOC analysts and junior engineers through investigations and response activities
  • Stay current on threat intelligence, attacker techniques (MITRE ATT&CK), and the Microsoft security roadmap

Key Qualifications

• The knowledge, skills, and abilities typically acquired through the completion of a Bachelor’s degree in Cyber Security, Computer Science, Information Security, Information Systems, or a related field, or equivalent practical experience.
• 5+ years of experience in Security Operations (SOC), Incident Response, or Detection & Response role, with demonstrated ownership of complex security incidents.
• Hands-on experience with Microsoft Sentinel (SIEM) and Microsoft Defender XDR (Defender for Endpoint, Identity, Office 365, Cloud Apps).
• Proficiency in KQL (Kusto Query Language) for investigations, threat hunting, and detection engineering.
• Experience designing, tuning, and maintaining SIEM detections and SOAR automation, including alert triage and response workflows.
• Solid understanding of Azure cloud architecture, core services, and native security controls.
• Familiarity with Azure Entra ID, identity security concepts, RBAC, and IAM-related threats.
• Experience with handing high-severity security incidents, including cross-team coordination and stakeholder communication.
• Familiarity with MITRE ATT&CK, threat actor techniques, and modern attack methodologies across cloud, identity, and endpoint environments.
• Experience supporting on-call rotations and working in a 24/7 or follow-the-sun SOC environment.
• Strong written and verbal communication skills, with the ability to explain technical issues to both technical and non-technical audiences.
• Ability to mentor junior analysts and contribute to the continuous improvement of SOC processes and tooling.
• Relevant certifications such as Microsoft Security Operations Analyst Associate, Azure Security Engineer Associate, SC-200, SC-100, CySA+, GCIH, GCIA, CISSP, or similar are strongly preferred.

Why Truveta?  

Be a part of building something special. Now is the perfect time to join Truveta. We have strong, established leadership with decades of success. We are well-funded. We are building a culture that prioritizes people and their passions across personal, professional and everything in between. Join us as we build an amazing company together. 

We Offer:

• Interesting and meaningful work for every career stage
• Great benefits package
• Comprehensive benefits with strong medical, dental and vision insurance plans
• 401K plan
• Professional development & training opportunities for continuous learning
• Work/life autonomy via flexible work hours and flexible paid time off
• Generous parental leave
• Regular team activities (virtual and in-person)
• The base pay for this position is $135,000 to $180,000. The pay range reflects the minimum and maximum target. Pay is based on several factors including location and may vary depending on job-related knowledge, skills, and experience. Certain roles are eligible for additional compensation such as incentive pay and stock options.

If you are based in California, we encourage you to read this important information for California residents linked here.

Truveta is committed to creating a diverse, inclusive, and empowering workplace. We believe that having employees, interns, and contractors with diverse backgrounds enables Truveta to better meet our mission and serve patients and health communities around the world. We recognize that opportunities in technology historically excluded and continue to disproportionately exclude Black and Indigenous people, people of color, people from working class backgrounds, people with disabilities, and LGBTQIA+ people. We strongly encourage individuals with these identities to apply even if you don’t meet all of the requirements.

Please note that all applicants must be authorized to work in the United States for any employer as we are unable to sponsor work visas or permits (e.g. F-1 OPT, H1-B) at this time. We appreciate your interest in the position and encourage you to explore future opportunities with us.