[Hiring] senior cybersecurity engineer, threat detection and response @Starbucks Coffee Company
All Others
Salary usd 112,400 - 2..
Remote Location
🇺🇸 USA Only
Employment Type full-time
Posted 3d ago

3d ago - Starbucks Coffee Company is hiring a remote senior cybersecurity engineer, threat detection and response. 💸 Salary: usd 112,400 - 211,800 per year 📍Location: USA

Role Description

This role contributes to Starbucks’ success by operating within the Security Operations Center (SOC) to detect, investigate, and respond to cybersecurity threats across the enterprise. You will leverage SIEM and SOAR platforms to perform advanced log analysis, validate alert fidelity, and continuously assess the operational health and coverage of Starbucks’ security tooling.

You will design, build, and tune detections within the SIEM, translating real-world adversary behaviors and MITRE ATT&CK-aligned TTPs into high-confidence, actionable alerts. This includes authoring and maintaining detection logic (e.g., KQL, SPL, or equivalent), reducing false positives, and closing visibility gaps.

The role also focuses on maturing automation through SOAR by developing playbooks that standardize and accelerate investigation, enrichment, containment, and response workflows. You will integrate SOAR with security and IT platforms to automate repeatable actions.

The ideal candidate demonstrates strong analytical problem-solving skills, clear technical communication, and deep expertise in modern attack techniques, logging architectures, and SOC operations. A proven, hands-on track record of advancing detection engineering, SIEM/SOAR effectiveness, and incident response capabilities in highly targeted, large-scale environments is essential.

Success in this role is defined by measurable contributions to a world-class SOC and cybersecurity program that proactively detects threats, rapidly contains incidents, and drives consistent, effective resolution across all cybersecurity events.

As a senior cybersecurity engineer, threat detection and response, you will:

  • Identify, evaluate, and appropriately address alerts and incidents
  • Develop detections based on the MITRE ATT&CK Framework
  • Proactively identify emerging threats and conduct threat hunting for undetected activity within the environment
  • Assess alerts to establish their legitimacy and urgency
  • Adhere to SOC playbooks and standard operating procedures (SOPs) to promote consistency in triage and decision-making
  • Conduct a thorough review and audit of existing logging systems to identify any gaps in detection capabilities
  • Review threat intel reports and feeds, making recommendations for profile or toolset changes based on reviews
  • Perform in-depth investigations on Windows, Linux, and macOS hosts
  • Create stories to enhance the SOAR environment for engineers
  • Enhance SOC processes with feedback and operational insights
  • Serve as both a mentor and an escalation point for SOC engineers
  • Tune security tool configuration to minimize false positives
  • Work closely with security leaders, engineers, and compliance teams to implement effective security plans
  • Serve as a subject matter expert for security tools, applications, and processes

Qualifications

  • 5+ years of experience working in an information technology discipline
  • 4+ years of security operations experience
  • 2+ years of detection engineering experience
  • 2+ years of threat hunting experience
  • Deep technical understanding of modern cybersecurity threats
  • Understanding of the MITRE ATT&CK framework and the ability to create detections based on analysis of attacker tools & techniques using this framework
  • Proficient in programming with at least one modern language such as Python, PowerShell, C#, Ruby, or Java
  • Experience with the following technologies: SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, Container Security
  • Basic understanding of compliance and regulatory requirements such as SOX and PCI
  • Ability to balance multiple priorities and meet deadlines
  • Excellent problem-solving abilities
  • Passionate about cybersecurity and self-driven to become an expert

Preferred Qualifications

  • Demonstrated expertise in at least two technologies, such as SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, or Container Security
  • Skilled in at least two focus areas, including Phishing, Data Loss Prevention (DLP), Compliance, Networking, Digital Forensics, Big Data, Threat Intelligence, Operating Systems, or Reverse Engineering
  • Actively supports the cybersecurity community by teaching or contributing code
  • Holds certifications like CISSP, SSCP, GCIH, or other credentials emphasizing cybersecurity

Benefits

  • Access to medical, dental, vision, basic and supplemental life insurance, and other voluntary insurance benefits
  • Short-term and long-term disability
  • Paid parental leave
  • Family expansion reimbursement
  • Paid vacation from date of hire
  • Sick time (accrued at 1 hour for every 25 hours worked)
  • Eight paid holidays and two personal days per year
  • Participation in a 401(k) retirement plan with employer match
  • Discounted company stock program (S.I.P.)
  • Starbucks equity program (Bean Stock)
  • Incentivized emergency savings and financial well-being tools
  • 100% upfront tuition coverage for a first-time bachelor’s degree through Arizona State University’s online program
  • Student loan management resources and access to other educational opportunities
  • Access to backup care and DACA reimbursement