Software Engineer - SOC
About Poshmark

Poshmark is the leading fashion marketplace where style comes alive through discovery, self-expression, and human connection. Powered by a vibrant community of 165 million members, Poshmark brings real people and taste to shopping through a social experience shaped by shared discovery. Buying and selling fashion feels simple, joyful, and personal, while every item tells its own story. Poshmark empowers sellers to grow meaningful businesses, keeps fashion in circulation longer, and gives shoppers access to unique and trusted finds, from everyday pieces to one-of-a-kind vintage and luxury.

Responsibilities

- Monitor, analyze, and triage security events and alerts across distributed systems to identify potential incidents and anomalous behavior
- Lead end-to-end incident response, including investigation, containment, eradication, and recovery, with an emphasis on scalable and repeatable processes
- Perform deep-dive root cause analysis of sophisticated attacks spanning infrastructure, network, and application layers, including code-level vulnerabilities
- Design, build, and maintain automation frameworks to improve detection and response efficiency (e.g., auto-remediation, alert enrichment pipelines)
- Develop and maintain detection logic (rules, queries, behavioral analytics) using engineering best practices such as version control, testing, and CI/CD
- Create and continuously improve incident response playbooks as modular, reusable, and programmatic workflows
- Fine-tune alerting systems to reduce noise and false positives through data analysis, feedback loops, and algorithmic improvements
- Collaborate closely with SRE, DevOps, IT, and engineering teams to remediate vulnerabilities and improve system security and reliability
- Engineer and enhance SIEM capabilities, including log ingestion pipelines, normalization, correlation rules, and integrations
- Implement and scale security monitoring solutions across cloud-native and distributed environments
- Conduct proactive threat hunting using data-driven and hypothesis-based approaches
- Enrich and correlate telemetry using IOCs, threat intelligence feeds, and custom-built data pipelines
- Contribute to SOC tooling and internal platforms by writing clean, maintainable, and efficient code
- Participate in architecture and design discussions to embed security into systems from the ground up
- Drive and contribute to broader security engineering and SOC modernization projects

Minimum Qualifications

- 2–4 years of experience in information security, security engineering, or a related field
- Hands-on experience with SIEM platforms, EDR tools, IDS/IPS, firewalls, and vulnerability management systems
- Experience with incident response and security investigations
- Strong understanding of cloud environments (AWS, GCP, or Azure) and associated security considerations
- Proficiency in at least one programming or scripting language (e.g., Python, Bash, or Go) with the ability to build automation and tooling
- Familiarity with software engineering fundamentals (data structures, APIs, version control, testing)

Preferred Qualifications

- Experience in incident response, malware analysis, and threat hunting
- Background in SOC or SecDevOps practices
- Experience building or maintaining internal security tools or platforms
- Knowledge of distributed systems and observability (logging, metrics, tracing)
- Familiarity with CI/CD pipelines and infrastructure-as-code (e.g., Terraform)
- Relevant certifications (e.g., GCIA or similar)

6-Month Accomplishments

- Independently handle the full incident response lifecycle with a focus on improving repeatability through automation
- Build or enhance at least one automation workflow (e.g., alert enrichment, triage pipeline, or response action) that reduces manual effort
- Develop high-fidelity detections with low false-positive rates using structured testing and validation approaches
- Author and maintain programmatic incident response playbooks integrated with SOC tooling
- Demonstrate a strong understanding of the evolving threat landscape and apply insights to detection engineering
- Contribute code or improvements to internal SOC tools, repositories, or automation frameworks

12+ Month Accomplishments

- Significantly reduce Mean-Time-to-Detect (MTTD) and Mean-Time-to-Respond (MTTR) through scalable engineering solutions and automation
- Establish and maintain a robust detection engineering lifecycle (design, test, deploy, measure, iterate)
- Improve overall security operations posture through continuous system-level and architectural enhancements
- Lead or contribute to major security engineering projects that strengthen monitoring, detection, and response capabilities
- Build reusable frameworks, libraries, or services that elevate SOC efficiency and engineering maturity
- Act as a bridge between Security and Engineering teams, promoting secure-by-design principles across the organization