We build enterprise software that powers restaurant chains at scale. Our systems span cloud infrastructure, distributed platforms, on-premise components, and a growing product ecosystem that processes massive volumes of operational data.
Security here is not about checkbox compliance or alert theater. It’s about knowing what’s happening in our systems early enough to matter.
What You'll Own
Own Security Visibility Across the Company
Own our Sumo Logic SIEM end-to-end:
Collectors
Pipelines
Detections
Data quality
Cost vs. value tradeoffs
Ensure security telemetry exists across:
Corporate systems
Cloud infrastructure
Platform and product components
Third-party vendors
Build detections only after validating the underlying signal is trustworthy.
This is not “just writing rules.” You are responsible for whether we can see things at all.
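As an added illustration of that last point (example code written for this page, not the company's own tooling): a detection that runs against a stale or half-parseable source reports "no hits" and nobody notices the gap. The script below checks each log source for freshness and parse quality before it lets a rule run, and reports a coverage gap instead of a quiet zero. The records are constructed; only the field names _sourceCategory, _messagetime and _raw are Sumo Logic's, and the thresholds, source names and rule names are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Fixed "now" so the example is deterministic.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)


def _ms(dt):
    """Epoch milliseconds, the form Sumo Logic stores in _messagetime."""
    return int(dt.timestamp() * 1000)


# Constructed sample records. Payloads are invented for this example.
SAMPLE_RECORDS = [
    {"_sourceCategory": "aws/cloudtrail", "_messagetime": _ms(NOW - timedelta(minutes=2)),
     "_raw": json.dumps({"eventName": "ConsoleLogin", "userIdentity": {"type": "Root"},
                         "responseElements": {"ConsoleLogin": "Success"}})},
    {"_sourceCategory": "aws/cloudtrail", "_messagetime": _ms(NOW - timedelta(minutes=5)),
     "_raw": json.dumps({"eventName": "DescribeInstances",
                         "userIdentity": {"type": "IAMUser", "userName": "alice"}})},
    # Okta collector stopped silently: the newest event is two hours old.
    {"_sourceCategory": "okta/system", "_messagetime": _ms(NOW - timedelta(hours=2)),
     "_raw": json.dumps({"eventType": "user.session.start",
                         "actor": {"alternateId": "alice@example.com"}})},
    # App auth log is fresh, but a deploy switched half the lines to plain
    # text, so a JSON-based rule would silently miss them (dave below).
    {"_sourceCategory": "app/auth", "_messagetime": _ms(NOW - timedelta(minutes=1)),
     "_raw": json.dumps({"action": "role_change", "user": "carol", "new_role": "admin"})},
    {"_sourceCategory": "app/auth", "_messagetime": _ms(NOW - timedelta(minutes=1)),
     "_raw": "2024-05-01T11:59:10Z INFO role_change user=dave new_role=admin"},
    {"_sourceCategory": "app/auth", "_messagetime": _ms(NOW - timedelta(minutes=3)),
     "_raw": json.dumps({"action": "login", "user": "erin"})},
    {"_sourceCategory": "app/auth", "_messagetime": _ms(NOW - timedelta(minutes=4)),
     "_raw": "2024-05-01T11:56:02Z INFO login user=frank"},
]

# Per-source expectations (assumed values): maximum staleness, minimum share
# of events that must parse, and the fields a usable event carries.
SOURCE_REQUIREMENTS = {
    "aws/cloudtrail": {"max_age": timedelta(minutes=15), "min_parse_rate": 0.95, "required_fields": ["eventName", "userIdentity"]},
    "okta/system": {"max_age": timedelta(minutes=30), "min_parse_rate": 0.95, "required_fields": ["eventType", "actor"]},
    "app/auth": {"max_age": timedelta(minutes=15), "min_parse_rate": 0.90, "required_fields": ["action", "user"]},
}


def _parse(raw):
    """Return the event as a dict, or None if the line is not a JSON object."""
    try:
        obj = json.loads(raw)
    except ValueError:
        return None
    return obj if isinstance(obj, dict) else None


def assess_sources(records, now=NOW):
    """Freshness and parse-quality check per source; returns health by source."""
    by_source = {}
    for r in records:
        by_source.setdefault(r["_sourceCategory"], []).append(r)
    health = {}
    for source, req in SOURCE_REQUIREMENTS.items():
        recs = by_source.get(source, [])
        if not recs:
            health[source] = {"healthy": False, "age_s": None, "parse_rate": 0.0, "reasons": ["no events received"]}
            continue
        reasons = []
        newest = datetime.fromtimestamp(max(r["_messagetime"] for r in recs) / 1000, tz=timezone.utc)
        age_s = int((now - newest).total_seconds())
        if now - newest > req["max_age"]:
            reasons.append(f"stale: newest event is {age_s}s old")
        usable = 0
        for r in recs:
            ev = _parse(r["_raw"])
            if ev is not None and all(f in ev for f in req["required_fields"]):
                usable += 1
        parse_rate = usable / len(recs)
        if parse_rate < req["min_parse_rate"]:
            reasons.append(f"parse rate {parse_rate:.2f} below {req['min_parse_rate']}")
        health[source] = {"healthy": not reasons, "age_s": age_s, "parse_rate": round(parse_rate, 2), "reasons": reasons}
    return health


def _events(records, source):
    """Yield parsed JSON events from one source, skipping unparseable lines."""
    for r in records:
        if r["_sourceCategory"] == source:
            ev = _parse(r["_raw"])
            if ev is not None:
                yield ev


def aws_root_console_login(records):
    return [ev for ev in _events(records, "aws/cloudtrail")
            if ev.get("eventName") == "ConsoleLogin" and ev.get("userIdentity", {}).get("type") == "Root"]


def okta_mfa_factor_deactivated(records):
    return [ev for ev in _events(records, "okta/system") if ev.get("eventType") == "user.mfa.factor.deactivate"]


def app_admin_role_granted(records):
    return [ev for ev in _events(records, "app/auth")
            if ev.get("action") == "role_change" and ev.get("new_role") == "admin"]


DETECTIONS = {
    "aws_root_console_login": (["aws/cloudtrail"], aws_root_console_login),
    "okta_mfa_factor_deactivated": (["okta/system"], okta_mfa_factor_deactivated),
    "app_admin_role_granted": (["app/auth"], app_admin_role_granted),
}


def run_detections(records, now=NOW):
    """Run a rule only when every source it depends on is healthy; otherwise
    emit a coverage gap instead of a misleading empty result."""
    health = assess_sources(records, now)
    results = {}
    for name, (sources, rule) in DETECTIONS.items():
        gaps = {s: health[s]["reasons"] for s in sources if not health[s]["healthy"]}
        if gaps:
            results[name] = {"status": "suppressed", "coverage_gap": gaps, "hits": []}
        else:
            results[name] = {"status": "ran", "coverage_gap": {}, "hits": rule(records)}
    return results
```

Calling run_detections(SAMPLE_RECORDS) runs the CloudTrail rule (one root console login), suppresses the Okta rule because the source is two hours stale, and suppresses the app rule because only half its lines parse. Had the app rule run anyway, it would have found carol and missed dave, which is exactly the false confidence the gate is there to prevent. The suppressed entries are the thing to alert on: a broken source is a finding in its own right.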
Build Product & Platform Telemetry (Hard Problems)
Our product generates hundreds of millions of events through APM and platform systems — most of which we cannot ingest directly today.
You will:
Identify what security-relevant signals should exist
Work with engineering to find or extract them
Design creative approaches when:
Logs don’t exist
Data volume is extreme
Native tools don’t scale
Build custom solutions when necessary
You’re not expected to boil the ocean — you are expected to make smart tradeoffs.
Improve Operational Awareness (Beyond Alerts)
Not everything becomes an alert.
You’ll help build visibility into things like:
Patch and update status across platform components
Configuration drift
Runtime state and exposure windows
Changes that materially increase risk
Much of this data exists today only in fragments. Your job is to aggregate, normalize, and make it useful.
Turn External Threats into Internal Action
We monitor:
CVEs
Vendor advisories
Security releases
Dark-web activity relevant to us and our vendors
But monitoring alone isn’t enough. You’ll:
Quickly determine applicability to our environment
Correlate external signals to internal assets
Drive investigations, detections, or remediation
Help shorten the gap between “this exists” and “we’ve responded”
Lead Security Incident Response
You will be the default Incident Commander for security events. That means:
Leading investigations end-to-end
Coordinating across infrastructure, application, and systems teams
Driving clear decisions and communication
Running post-incident reviews and forcing learnings back into the system
If something happens and no one knows who’s in charge — that’s a failure this role owns.
What You Bring
3+ years in security engineering, detection engineering, or incident response
Hands-on experience with SIEMs and large-scale log data
Strong understanding of cloud environments (especially AWS)
Experience investigating across logs, identity, network, and applications
Ability to build or automate solutions (Python, scripting, etc.)
Strong communication skills — especially during incidents
Experience with product telemetry, data engineering, or platform security is a plus.