Senior SOC Engineer

Kandji

Miami, FL, USA
Posted on Nov 4, 2025
About Iru
Iru is the AI-powered security & IT platform used by the world’s fastest-growing companies to secure their users, apps, and devices. Built for the AI era, Iru unifies identity & access, endpoint security & management, and compliance automation—collapsing the stack and giving IT & security time and control back.
Iru is backed by some of the smartest investors in tech—General Catalyst, Tiger Global, Felicis, Greycroft, and First Round Capital. In July 2024, Iru raised $100 million from General Catalyst, valuing the company at $850 million. Customers include Notion, Cursor, Lovable, Replit, and Mercor, and Iru partners with industry leaders such as ServiceNow and AWS. Iru was named to Forbes’ America’s Best Startup Employers 2025 list for employee engagement and satisfaction.
The Opportunity:
Iru is looking for a Senior SOC Engineer to strengthen our growing Security Operations function. This role is ideal for someone who thrives in fast-moving environments, enjoys investigative work, and has experience co-managing modern SIEM platforms.
You’ll help mature the operational side of our security program — monitoring, investigating, and responding to alerts across our infrastructure and applications. The right candidate brings a mix of technical curiosity, strong investigative instincts, and hands-on experience with cloud security tools, scripting, and detection engineering.

How You Will Make a Difference Day to Day:

  • Investigate security alerts and potential incidents, using tools like Panther, Wiz, and EDR platforms to assess severity, impact, and required response.
  • Manage Iru’s SIEM instance — tuning detections, improving log coverage, and building custom alerts using Python-based detection-as-code frameworks.
  • Monitor and triage security events across Iru’s AWS environments, applications, and infrastructure.
  • Collaborate directly with employees and teams to assess and respond to security notifications or suspicious behavior.
  • Partner with Security Research to improve detection logic.
  • Assist in incident response — conducting initial investigations, collecting evidence, and coordinating with senior engineers for containment and remediation.
  • Contribute to maturing security operations — identifying process gaps, improving monitoring visibility, and documenting response playbooks.
  • Collaborate cross-functionally with Engineering, Product, and IT to improve detection coverage and ensure alignment between systems and policies.
  • Support security awareness and response readiness by helping build a strong detection and alerting foundation across the organization.

We’d love to hear from you if you have:

  • 5+ years of experience in Security Operations, Incident Response, or a related hands-on security role.
  • Experience with SIEM platforms such as Panther, ELK, or Splunk — including alert investigation, rule tuning, and detection authoring.
  • Practical experience with cloud security (preferably AWS) — monitoring audit logs, IAM activity, and workload events.
  • Hands-on scripting experience, ideally in Python (preferred) or Bash — used for automations, integrations, or detection authoring.
  • Understanding of detection-as-code frameworks and how to design detections based on real-world attacker behaviors.
  • Familiarity with EDR tools and how SIEM platforms ingest and correlate alerts from them.
  • Experience participating in or supporting incident response investigations — from triage to containment.
  • Familiarity with Mac and Windows forensics fundamentals.
  • Strong written and verbal communication skills; able to translate technical findings into clear business impact.
  • Required to work on-site five days a week in our Miami office (Coral Gables).
  • Knowledge across multiple security domains, including:
      • Application Security
      • Cloud Platform Security
      • Container Security
      • Endpoint Security
      • Network Security
      • Email Security
      • Database Security
      • Incident Response Frameworks and Activities
      • MITRE ATT&CK Framework
      • Social Engineering Techniques
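A sketch of what the Python detection-as-code work referenced above looks like in practice, added to this posting as an illustration and not code from Iru or from Panther: a rule module written in the Panther convention (rule/title/severity/dedup entry points, one module per detection) evaluated against a few constructed AWS CloudTrail ConsoleLogin events. It flags successful console logins by the root account or without MFA, an everyday "valid accounts" attacker behavior (ATT&CK T1078.004). The deep_get helper and the evaluate() harness are stand-ins for the SIEM runtime, and the sample events, ARNs and account ID are made up.

```python
"""
Detection-as-code in the Panther rule style: one Python module per detection,
with rule()/title()/severity()/dedup() entry points that the SIEM calls for
each ingested event. Added illustration, not Iru's or Panther's code; the
helper, sample events and evaluate() harness stand in for the real runtime.
"""
from typing import Any, Dict, Iterable, List


def deep_get(event: Dict[str, Any], *keys: str, default: Any = None) -> Any:
    """Stand-in for a deep_get helper: walk nested keys, default if missing."""
    cur: Any = event
    for key in keys:
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def rule(event: Dict[str, Any]) -> bool:
    """Fire on a successful AWS console login by the root account or one
    made without MFA (ATT&CK T1078.004, Valid Accounts: Cloud Accounts)."""
    if event.get("eventSource") != "signin.amazonaws.com":
        return False
    if event.get("eventName") != "ConsoleLogin":
        return False
    if deep_get(event, "responseElements", "ConsoleLogin") != "Success":
        return False  # failed logins belong to a separate brute-force rule
    is_root = deep_get(event, "userIdentity", "type") == "Root"
    no_mfa = deep_get(event, "additionalEventData", "MFAUsed") != "Yes"
    return is_root or no_mfa


def severity(event: Dict[str, Any]) -> str:
    # Root console use is always critical; an IAM user without MFA is high.
    return "CRITICAL" if deep_get(event, "userIdentity", "type") == "Root" else "HIGH"


def title(event: Dict[str, Any]) -> str:
    who = deep_get(event, "userIdentity", "arn", default="<unknown>")
    mfa = deep_get(event, "additionalEventData", "MFAUsed", default="unknown")
    return f"AWS console login by {who} from {event.get('sourceIPAddress')} (MFA: {mfa})"


def dedup(event: Dict[str, Any]) -> str:
    # Collapse repeated logins by the same principal from the same IP into one alert.
    return f"{deep_get(event, 'userIdentity', 'arn')}:{event.get('sourceIPAddress')}"


def evaluate(events: Iterable[Dict[str, Any]]) -> List[Dict[str, str]]:
    """Toy harness: return one alert record per event the rule matches."""
    alerts = []
    for ev in events:
        if rule(ev):
            alerts.append({"title": title(ev), "severity": severity(ev), "dedup": dedup(ev)})
    return alerts


# Constructed sample CloudTrail events (made up, not real logs).
SAMPLE_EVENTS = [
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "sourceIPAddress": "203.0.113.10",
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "sourceIPAddress": "198.51.100.7",
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"},
     "sourceIPAddress": "198.51.100.8",
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/mallory"},
     "sourceIPAddress": "198.51.100.9",
     "responseElements": {"ConsoleLogin": "Failure"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "sourceIPAddress": "198.51.100.7"},
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS):
        print(alert["severity"], alert["title"])
```

Run as-is it emits two alerts (the root login and alice's login without MFA) and stays quiet on bob's MFA login, mallory's failed attempt and the unrelated AssumeRole event; the failed-login exclusion is deliberate, since bundling brute-force signal into a valid-account rule produces noisy, low-fidelity alerts that are the usual reason a SIEM detection gets tuned down.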

Nice to haves, but NOT required:

  • Prior experience helping mature or build a security operations program from the ground up.
  • Background in threat hunting or detection engineering.
  • Experience integrating Wiz or similar cloud posture management tools into a SIEM workflow.
  • Knowledge of security automation frameworks, including alert enrichment and workflow orchestration.
  • Hands-on experience supporting hybrid (Mac + Windows) endpoint environments.
Benefits & Perks
  • Competitive salary
  • 100% individual and dependent medical + dental + vision coverage
  • 401(k) with a 4% company match
  • 20 days PTO
  • Flexibility to work from anywhere for up to 30 days per year
  • Iru Wellness Week the first week in July
  • Equity for full-time employees
  • Lunch stipend provided Monday through Friday
  • Up to 16 weeks of paid leave for new parents
  • Paid Family and Medical Leave
  • Modern Health mental health benefits for individuals and dependents
  • Fertility benefits
  • Working Advantage employee discounts
  • Onsite fitness center
  • Free parking
  • Exciting opportunities for career growth
We are excited to be serving a significant need for a fast-growing market, and are proud of the high-performing team we have brought together so far. If you’re someone who wants to engage in new, exciting projects that will challenge your skills in the best way possible, we would love to connect with you.
At Iru, we believe in fostering an inclusive environment in which employees feel encouraged to share their unique perspectives, leverage their strengths, and act authentically. We know that diverse teams are strong teams, and welcome those from all backgrounds and varying experiences.
Iru is proud to be an equal opportunity employer committed to diversity and inclusion in the workplace. Qualified applicants will be considered for employment without regard to race, color, religion, national origin, age, sex, sexual orientation, gender identity, physical or mental disability, protected veteran or military status or any other status protected by applicable law.