Sr. Security Operations Engineer
Description

Job Title: Sr. Security Operations Engineer
Employment Type: Full-time
Work Location: Remote – UK or Ireland
Department: CISO


About CloudBees

CloudBees provides the leading software delivery platform for enterprises, enabling them to continuously innovate, compete, and win in a world powered by the digital experience. Designed for the world's largest organizations with the most complex requirements, CloudBees enables software development organizations to deliver scalable, compliant, governed, and secure software from the code a developer writes to the people who use it. The platform connects with other best-of-breed tools, improves the developer experience, and enables organizations to bring digital innovation to life continuously, adapt quickly, and unlock business outcomes that create market leaders and disruptors.


CloudBees was founded in 2010 and is backed by Goldman Sachs, Morgan Stanley, Bridgepoint Credit, HSBC, Golub Capital, Delta-v Capital, Matrix Partners, and Lightspeed Venture Partners. Visit www.cloudbees.com and follow us on Twitter, LinkedIn, and Facebook.


About the Role

We are growing quickly and have a new opening for a Sr. Security Operations Engineer to join our global security team. This is not a traditional SOC role - it sits at the intersection of security operations, detection engineering, and AI-driven automation, with a direct influence on how CloudBees products are secured by design.


You will own the engineering of our detection capability end-to-end: building detection logic, authoring and maintaining SOAR playbooks, and leveraging AI/ML to reduce manual workload and improve response fidelity. Critically, you will act as a bridge between the Security team and Product Engineering, embedding security detection requirements early in the product lifecycle and ensuring our platform's telemetry supports world-class threat visibility.


If you are a proactive self-starter who thinks in pipelines and playbooks - not just tickets - we would love to hear from you.


What You'll Do:


Detection Engineering

  • Design, build, and continuously tune detection rules across endpoint, cloud (AWS), SaaS, and application layers, aligned to the MITRE ATT&CK framework
  • Own the full detection lifecycle: hypothesis → log analysis → rule authoring → testing → deployment → retrospective tuning
  • Develop and maintain a detection-as-code library (version-controlled, peer-reviewed, tested in CI/CD)
  • Convert threat intelligence, red team findings, and incident post-mortems into actionable, high-fidelity detections
  • Map detection coverage against MITRE ATT&CK and maintain visibility gap analyses, reporting coverage metrics to security leadership

SOAR & Automation Engineering

  • Lead the design, development, and maintenance of SOAR playbooks to automate alert triage, enrichment, containment, and notification workflows
  • Identify high-volume, repetitive SOC workflows and engineer automated responses that reduce analyst toil and mean time to respond (MTTR)
  • Build integrations between security tooling (SIEM, EDR, CNAPP, DLP, ticketing, threat intel platforms) using APIs, Python scripts, and SOAR connectors
  • Champion AI-assisted analysis (e.g., LLM-based alert summarisation, anomaly detection, automated IOC correlation) to improve detection quality and analyst efficiency

Security Operations & Incident Response

  • Provide security monitoring and incident response for cyber security events within a highly available SOC supporting internal and external stakeholders
  • Participate in the SOC on-call rotation, only on weekends, to support 24/7 security operations
  • Lead and support incident response activities: triage, containment, eradication, recovery, and post-incident review
  • Monitor and analyse SIEM alerts, correlating signals across log sources to identify true positives and reduce false positive rates
  • Conduct proactive threat hunting exercises to identify attacker presence, lateral movement, and novel TTPs not covered by existing detections

Product & Engineering Collaboration

  • Act as the Security team's embedded partner with Product Engineering, participating in sprint planning, architecture reviews, and design discussions to ensure security telemetry and logging are built into the product by default
  • Define and advocate for security observability requirements (log schemas, event types, audit trails) that enable detection rules to fire accurately against CloudBees platform activity
  • Collaborate with Product teams to establish security acceptance criteria and threat model coverage for new features and services
  • Contribute to the security roadmap for the CloudBees platform, translating operational threat intelligence into product-level security improvements
  • Provide clear, developer-friendly documentation and guidance so engineering teams can self-serve on security logging and instrumentation requirements

Vulnerability & Threat Intelligence

  • Contribute to vulnerability assessment and management processes, prioritising findings based on threat context and exploitability
  • Consume and operationalise threat intelligence feeds, translating indicators and TTPs into detection logic and hunting hypotheses
  • Participate in red team/purple team exercises, using findings to validate and improve the detection stack

What You'll Bring:


Required

  • 5+ years of experience in security operations, detection engineering, or security engineering roles
  • Proven hands-on experience building and tuning detection rules in a SIEM platform (e.g., Splunk, Microsoft Sentinel, Chronicle, Elastic SIEM)
  • Practical experience developing and maintaining SOAR playbooks and automated response workflows (e.g., Palo Alto XSOAR, Splunk SOAR, Tines, Sentinel Logic Apps)
  • Strong coding or scripting ability in Python and/or other scripting languages for automation and API integrations
  • Deep understanding of AWS security services (GuardDuty, CloudTrail, Security Hub, VPC Flow Logs) and cloud-native logging (CNAPP)
  • Experience applying the MITRE ATT&CK framework to detection coverage mapping and gap analysis
  • Solid understanding of incident response methodologies and hands-on experience leading or supporting IR activities
  • Strong engineering mindset: comfortable working with version control (Git), CI/CD pipelines, and infrastructure-as-code concepts
  • Ability to communicate complex security requirements clearly to non-security engineering audiences

Preferred

  • Experience with AI/ML-assisted detection or triage workflows (e.g., anomaly detection models, LLM-based alert enrichment, AI-driven SOAR)
  • Familiarity with detection-as-code methodologies and testing frameworks (e.g., Sigma rules, Atomic Red Team, Caldera)
  • Experience working embedded within or closely alongside Product or Engineering teams, influencing logging standards and security telemetry
  • Knowledge of container and Kubernetes security (log sources, detection patterns, runtime security tools)
  • Relevant certifications: GCIA, GCIH, GCDA, GCED, AWS Security Specialty, or equivalent
  • Experience in a DevOps or software delivery company, with an appreciation of developer workflows and CI/CD security


What You'll Get:

  • Highly competitive benefits and vacation package.
  • Ability to work for one of the fastest growing companies with some of the most talented people in the industry.
  • Team outings.
  • Fun, hardworking, and casual environment.
  • Endless growth opportunities.


At CloudBees, we truly believe that the more diverse we are, the better we serve our customers. A global community like Jenkins demands a global focus from CloudBees. Organizations with greater diversity - gender, racial, ethnic, and global - are stronger partners to their customers. Whether by creating more innovative products, or better understanding our worldwide customers, or establishing a stronger cross-section of cultural leadership skills, diversity strengthens all aspects of the CloudBees organization.

In the technology industry, diversity creates a competitive advantage. CloudBees customers demand technologies from us that solve their software development, and therefore their business problems, so that they can better serve their own customers. CloudBees attributes much of its success to its worldwide workforce and commitment to global diversity, which opens our proprietary software to innovative ideas from anywhere. Along the way, we have witnessed firsthand how employees, partners, and customers with diverse perspectives and experiences contribute to creative problem solving and better solutions for our customers and their business.