Senior Security Engineer

Senior Security Engineer

Truveta is the world’s first health provider led data platform with a vision of Saving Lives with Data. Our mission is to enable researchers to find cures faster, empower every clinician to be an expert, and help families make the most informed decisions about their care. Achieving Truveta’ s ambitious vision requires an incredible team of talented and inspired people with a special combination of health, software and big data experience who share our company values. 

This position is based out of our headquarters in the Greater Seattle Area and requires onsite presence 5 days per week. #LI-onsite

Who We Need

Truveta is rapidly building a talented and diverse team to tackle complex health and technical challenges. We are seeking candidates inspired by the opportunity to securely apply data in the development of real-world health solutions. Beyond core capabilities, we seek problem solvers, passionate and collaborative teammates, and those willing to roll up their sleeves while making a difference. We do things the right way. Our commitment to security and compliance assurance cannot be stressed enough. This position is critical to ensuring we are successful.

If you are interested in the opportunity to pursue purposeful work, join a mission-driven team, and build a rewarding career while having fun, Truveta may be the perfect fit for you.

This Opportunity   

Success in the healthcare industry is predicated on a foundation of trust. We demonstrate our trustworthiness as stewards of health data through three foundational pillars: security, privacy, and compliance.

The successful candidate will design, implement and support solutions that support the company’s Digital Workplace strategy. They will work on leading edge technologies that help modernize endpoint management by leveraging the cloud to quickly deliver end-user improvements.

Responsibilities

Incident Response 

• • Handle investigation and response to security incidents across endpoints, identities, email, cloud workloads, and SaaS applications
  • Act as a senior escalation point for SOC analysts during complex or ambiguous security events
  • Participate in on-call rotations and provide senior-level escalation support when needed
  • Lead or contribute to post-incident reviews (RCA, postmortems) and track remediation actions to completion
  • Ensure incidents are accurately documented for audit, compliance, and operational learning
  • Maintain and improve incident response runbooks, playbooks, and escalation procedures
  • Support incident readiness activities, including tabletop exercises and response drills

Detection Engineering & Automation

• • Develop, tune, and maintain Microsoft Sentinel analytics rules to improve detection quality and reduce false positives
  • Design and optimize KQL queries for investigations, threat hunting, and detection engineering
  • Integrate and maintain log sources and data connectors in Microsoft Sentinel, ensuring data quality and proper normalization
  • Build and maintain SOAR automation and playbooks (Logic Apps) for alert enrichment, triage, and response

Proactive Security & Posture

• • Perform proactive threat hunting across Microsoft Sentinel and Defender data to identify emerging or stealthy threats
  • Monitor and continuously improve detection coverage and security posture (e.g., Secure Score, exposure signals)

SOC Maturity & Collaboration

• • Track and report on SOC and incident metrics such as MTTD, MTTA, MTTR, alert volume, and detection effectiveness
  • Partner with engineering and infrastructure teams to drive long-term remediation and risk reduction
  • Contribute to the continuous improvement of SOC tooling, automation, and operational maturity
  • Help define and improve SOC processes, workflows, and standards

Mentorship & Continuous Learning

• • Mentor and guide SOC analysts and junior engineers through investigations and response activities
  • Stay current on threat intelligence, attacker techniques (MITRE ATT&CK), and the Microsoft security roadmap

Key Qualifications

• The knowledge, skills, and abilities typically acquired through the completion of a Bachelor’s degree in Cyber Security, Computer Science, Information Security, Information Systems, or a related field, or equivalent practical experience.
• 5+ years of experience in Security Operations (SOC), Incident Response, or Detection & Response role, with demonstrated ownership of complex security incidents.
• Hands-on experience with Microsoft Sentinel (SIEM) and Microsoft Defender XDR (Defender for Endpoint, Identity, Office 365, Cloud Apps).
• Proficiency in KQL (Kusto Query Language) for investigations, threat hunting, and detection engineering.
• Experience designing, tuning, and maintaining SIEM detections and SOAR automation, including alert triage and response workflows.
• Solid understanding of Azure cloud architecture, core services, and native security controls.
• Familiarity with Azure Entra ID, identity security concepts, RBAC, and IAM-related threats.
• Experience with handing high-severity security incidents, including cross-team coordination and stakeholder communication.
• Familiarity with MITRE ATT&CK, threat actor techniques, and modern attack methodologies across cloud, identity, and endpoint environments.
• Experience supporting on-call rotations and working in a 24/7 or follow-the-sun SOC environment.
• Strong written and verbal communication skills, with the ability to explain technical issues to both technical and non-technical audiences.
• Ability to mentor junior analysts and contribute to the continuous improvement of SOC processes and tooling.
• Relevant certifications such as Microsoft Security Operations Analyst Associate, Azure Security Engineer Associate, SC-200, SC-100, CySA+, GCIH, GCIA, CISSP, or similar are strongly preferred.

Why Truveta?  

Be a part of building something special. Now is the perfect time to join Truveta. We have strong, established leadership with decades of success. We are well-funded. We are building a culture that prioritizes people and their passions across personal, professional and everything in between. Join us as we build an amazing company together. 

We Offer:

• Interesting and meaningful work for every career stage
• Great benefits package
• Comprehensive benefits with strong medical, dental and vision insurance plans
• 401K plan
• Professional development & training opportunities for continuous learning
• Work/life autonomy via flexible work hours and flexible paid time off
• Generous parental leave
• Regular team activities (virtual and in-person)
• The base pay for this position is $135,000 to $180,000. The pay range reflects the minimum and maximum target. Pay is based on several factors including location and may vary depending on job-related knowledge, skills, and experience. Certain roles are eligible for additional compensation such as incentive pay and stock options.

If you are based in California, we encourage you to read this important information for California residents linked here.

Truveta is committed to creating a diverse, inclusive, and empowering workplace. We believe that having employees, interns, and contractors with diverse backgrounds enables Truveta to better meet our mission and serve patients and health communities around the world. We recognize that opportunities in technology historically excluded and continue to disproportionately exclude Black and Indigenous people, people of color, people from working class backgrounds, people with disabilities, and LGBTQIA+ people. We strongly encourage individuals with these identities to apply even if you don’t meet all of the requirements.

Please note that all applicants must be authorized to work in the United States for any employer as we are unable to sponsor work visas or permits (e.g. F-1 OPT, H1-B) at this time. We appreciate your interest in the position and encourage you to explore future opportunities with us.