What are the responsibilities and job description for the Security Operations Engineer position at Gridware?
About GridwareGridware is a San Francisco-based technology company dedicated to protecting and enhancing the electrical grid. We pioneered a groundbreaking new class of grid management called active grid response (AGR), focused on monitoring the electrical, physical, and environmental aspects of the grid that affect reliability and safety. Gridware’s advanced Active Grid Response platform uses high-precision sensors to detect potential issues early, enabling proactive maintenance and fault mitigation. This comprehensive approach helps improve safety, reduce outages, and ensure the grid operates efficiently. The company is backed by climate-tech and Silicon Valley investors. For more information, please visit www.Gridware.io.Role DescriptionWe are seeking a Security Operations Engineer to help safeguard and scale the security of our cloud-first environment. You will be part of a collaborative team focused on building resilient, automated, and well-monitored systems that protect critical infrastructure. In this role, you will enhance our detection and response capabilities, strengthen identity and access controls, and continuously improve the processes that keep our systems secure and reliable. You will work closely with engineering, IT, and infrastructure teams to embed security best practices into everything we build and operate. This position is ideal for a hands-on security professional who thrives on solving complex problems, improving visibility across environments, and enabling teams to move quickly without compromising safety.Responsibilities Lead and support security incident response activities, including triage, investigation, containment, and post-incident reviewAnalyze and triage alerts from multiple security data sources including EDR, SIEM, and network telemetry to distinguish false positives from legitimate threats and ensure timely escalation when necessaryManage and tune endpoint detection and response (EDR) platforms to ensure comprehensive coverage and timely, actionable alertsConfigure, optimize, and maintain SIEM tools to improve log visibility, rule accuracy, and correlation logicContribute to threat detection engineering by developing and refining correlation rules, detection logic, and response playbooks based on emerging tactics, techniques, and procedures (TTPs)Implement and maintain identity and access management controls, including conditional access policies and ensuring least-privilegeAutomate recurring security operations tasks through scripting and integrations across monitoring, alerting, and response toolsIdentify and assess vulnerabilities, coordinate remediation efforts with stakeholders, and track closure of findingsContribute to policy and compliance initiatives, helping to align operations with internal standards and external frameworksContinuously improve operational efficiency and incident readiness through documentation, playbook development, and tool optimizationRequired Skills3–5 years of experience in security operations, incident response, or a Security Operations Center (SOC) environmentStrong understanding of threat detection, analysis, and response workflows across cloud and enterprise environmentsHands-on experience managing and tuning endpoint detection and response (EDR) and Security Information and Event Management (SIEM) platformsAbility to craft detection and hunting queries in log/search languages (for example, KQL, SPL, or SQL-like languagesFamiliarity with identity and access management concepts, including conditional access, role-based access control, and least-privilege modelsWorking knowledge of cloud security principles and modern infrastructure environments (AWS, Azure, or equivalent)Proficiency in at least one scripting or automation language (Python, PowerShell, or similar) for automating operational tasksUnderstanding of vulnerability management processes, from discovery to remediation coordinationAwareness of common frameworks and standards such as NIST, CIS, or ISO 27001, and how they apply to operational securityStrong analytical mindset and ability to distinguish real threats from noise in large data setsA proactive, detail-oriented approach to problem-solving and a passion for continuous improvement in security operationsBonus SkillsExposure to security automation and orchestration platforms (SOAR) or custom response scriptingFamiliarity with cloud security posture management (CSPM) or cloud-native threat detection tools and how they integrate with centralized monitoring and response workflowsExperience leveraging threat intelligence to enhance detection rules, enrich alerts, and improve response playbooksFamiliarity with mapping detections and incidents to the MITRE ATT&CK frameworkThis describes the ideal candidate; many of us have picked up this expertise along the way. Even if you meet only part of this list, we encourage you to apply!BenefitsHealth, Dental & Vision (Gold and Platinum with some providers plans fully covered) Paid parental leave Alternating day off (every other Monday)“Off the Grid”, a two week per year paid break for all employees. Commuter allowance Company-paid training