Security Operations Engineer
Gridware
Operations
San Francisco, CA, USA
Posted on Nov 12, 2025
About Gridware
Gridware is a San Francisco-based technology company dedicated to protecting and enhancing the electrical grid. We pioneered a groundbreaking new class of grid management called active grid response (AGR), focused on monitoring the electrical, physical, and environmental aspects of the grid that affect reliability and safety. Gridware’s advanced Active Grid Response platform uses high-precision sensors to detect potential issues early, enabling proactive maintenance and fault mitigation. This comprehensive approach helps improve safety, reduce outages, and ensure the grid operates efficiently. The company is backed by climate-tech and Silicon Valley investors. For more information, please visit www.Gridware.io.
Role Description
We are seeking a Security Operations Engineer to help safeguard and scale the security of our cloud-first environment. You will be part of a collaborative team focused on building resilient, automated, and well-monitored systems that protect critical infrastructure. In this role, you will enhance our detection and response capabilities, strengthen identity and access controls, and continuously improve the processes that keep our systems secure and reliable.
You will work closely with engineering, IT, and infrastructure teams to embed security best practices into everything we build and operate. This position is ideal for a hands-on security professional who thrives on solving complex problems, improving visibility across environments, and enabling teams to move quickly without compromising safety.
Responsibilities
- Lead and support security incident response activities, including triage, investigation, containment, and post-incident review
- Analyze and triage alerts from multiple security data sources including EDR, SIEM, and network telemetry to distinguish false positives from legitimate threats and ensure timely escalation when necessary
- Manage and tune endpoint detection and response (EDR) platforms to ensure comprehensive coverage and timely, actionable alerts
- Configure, optimize, and maintain SIEM tools to improve log visibility, rule accuracy, and correlation logic
- Contribute to threat detection engineering by developing and refining correlation rules, detection logic, and response playbooks based on emerging tactics, techniques, and procedures (TTPs)
- Implement and maintain identity and access management controls, including conditional access policies and least-privilege enforcement
- Automate recurring security operations tasks through scripting and integrations across monitoring, alerting, and response tools
- Identify and assess vulnerabilities, coordinate remediation efforts with stakeholders, and track closure of findings
- Contribute to policy and compliance initiatives, helping to align operations with internal standards and external frameworks
- Continuously improve operational efficiency and incident readiness through documentation, playbook development, and tool optimization
Required Skills
- 3–5 years of experience in security operations, incident response, or a Security Operations Center (SOC) environment
- Strong understanding of threat detection, analysis, and response workflows across cloud and enterprise environments
- Hands-on experience managing and tuning endpoint detection and response (EDR) and Security Information and Event Management (SIEM) platforms
- Ability to craft detection and hunting queries in log/search languages (for example, KQL, SPL, or SQL-like languages)
- Familiarity with identity and access management concepts, including conditional access, role-based access control, and least-privilege models
- Working knowledge of cloud security principles and modern infrastructure environments (AWS, Azure, or equivalent)
- Proficiency in at least one scripting or automation language (Python, PowerShell, or similar) for automating operational tasks
- Understanding of vulnerability management processes, from discovery to remediation coordination
- Awareness of common frameworks and standards such as NIST, CIS, or ISO 27001, and how they apply to operational security
- Strong analytical mindset and ability to distinguish real threats from noise in large data sets
- A proactive, detail-oriented approach to problem-solving and a passion for continuous improvement in security operations
Bonus Skills
- Exposure to security automation and orchestration platforms (SOAR) or custom response scripting
- Familiarity with cloud security posture management (CSPM) or cloud-native threat detection tools and how they integrate with centralized monitoring and response workflows
- Experience leveraging threat intelligence to enhance detection rules, enrich alerts, and improve response playbooks
- Familiarity with mapping detections and incidents to the MITRE ATT&CK framework
This describes the ideal candidate; many of us have picked up this expertise along the way. Even if you meet only part of this list, we encourage you to apply!
Benefits
- Health, Dental & Vision (Gold and Platinum plans with some providers fully covered)
- Paid parental leave
- Alternating day off (every other Monday)
- "Off the Grid", a two-week paid break per year for all employees
- Commuter allowance
- Company-paid training