AdTechTalent
Engineering, 15 days ago, Hybrid

Digital Turbine

Principal Engineer, Security Operations

security operations, SOC, cloud security, incident response, detection engineering, GCP, AWS, CrowdStrike, Orca Security, SIEM, SOAR, Kubernetes, serverless, MITRE ATT&CK, MSSP, cybersecurity, threat detection, compliance, CISSP, GCIH, GCFA, CISM, CCFR, Professional Cloud Security Engineer, Professional Cloud Architect

Key details

Salary: Not specified

Employment type: Full-time

Seniority: Senior

Years experience: 10+

Location: Austin, Texas, United States

Full job description

Digital Turbine is hiring a Principal Engineer of Security Operations to lead the evolution of the global Security Operations Center (SOC). This full-time hybrid role, based in Austin, Texas, requires 12+ years of cybersecurity experience with expertise in security operations, threat detection, and incident response in global enterprise or SaaS environments. The candidate must have hands-on experience managing SOC functions for GCP and AWS, familiarity with MSSP models, and proficiency with SOC tools including CrowdStrike, Orca Security, SIEM, and SOAR platforms. Responsibilities include leading incident investigations, designing detection and automation use cases, optimizing SOC tools, developing incident response playbooks, conducting drills, tracking SOC metrics, collaborating with cross-functional teams, and mentoring peers. Advanced security certifications and Google Cloud certifications are preferred. Benefits include a bonus plan, equity plan, 401K, and unlimited PTO.

What you'll do

  • Serve as the primary technical authority for Digital Turbine’s SOC ecosystem and cloud threat detection strategy
  • Optimize and mature the relationship with the Managed Security Services Provider (MSSP), ensuring detection quality, response speed, and continuous tuning
  • Lead and execute complex incident investigations including triage, analysis, containment, and remediation across GCP, AWS, and containerized workloads
  • Design and maintain advanced detection and automation use cases using SIEM, SOAR, and log management platforms tailored to cloud environments
  • Operationalize and fine-tune tools such as CrowdStrike, Orca Security, and related platforms to maximize visibility and protection coverage
  • Develop, test, and enhance incident response playbooks and threat-hunting methodologies aligned with MITRE ATT&CK and industry best practices
  • Plan, coordinate, and execute tabletop exercises, business continuity, and disaster recovery drills to validate response readiness and cross-team coordination
  • Define and track SOC performance metrics (e.g., MTTD, MTTR) and produce actionable insights for leadership and technical stakeholders
  • Collaborate with DevOps, application engineering, GRC, and legal teams to embed operational security practices supporting compliance and business goals
  • Contribute to vendor selection, tooling evaluation, and threat intelligence initiatives to strengthen overall security posture
  • Act as a mentor and thought leader on detection engineering, incident response, and cloud security best practices

Requirements

  • 12+ years of cybersecurity experience with deep expertise in security operations, threat detection, or incident response within global enterprise or SaaS environments
  • Significant hands-on experience developing and managing SOC functions for GCP and AWS, including cloud logging, monitoring, and automation
  • Strong familiarity with MSSP models and improving service quality through engineering insight and data
  • Proficiency with SOC tooling such as CrowdStrike, Orca, SIEM/SOAR platforms, and related telemetry and automation tools
  • Deep understanding of modern adversary tradecraft, cloud attack paths, and detection engineering frameworks
  • Experience supporting or interfacing with compliance programs such as SOC 2, ISO 27001, or SOX
  • Excellent analytical and communication skills to present technical findings and risks to engineers and executives
  • Advanced security certifications such as CISSP, GCIH, GCFA, CISM, or CCFR are highly desirable
  • Google Cloud certifications (e.g., Professional Cloud Security Engineer, Professional Cloud Architect) preferred

Tech stack

GCP, AWS, CrowdStrike, Orca Security, SIEM, SOAR, Kubernetes, serverless, MITRE ATT&CK

Benefits

Bonus plan, Equity plan, 401K, Unlimited PTO
