Cybersecurity Engineer

Dutch Bros Coffee
Tempe, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Junior

Job location

Remote
Tempe, United States of America

Tech stack

Microsoft Windows
Artificial Intelligence
Amazon Web Services (AWS)
Azure
Cloud Computing
Collaborative Software
Computer Security
Computer Literacy
Continuous Integration
Information Leak Prevention
Linux
DevOps
Identity and Access Management
Intrusion Detection and Prevention
JSON
Python
Microsoft Security Essentials
Microsoft Software
Office Suite
PCI Data Security Standards
Zero Trust Network Access
Security Information and Event Management
Software Engineering
Software Vulnerability Management
XML
Symantec
Okta
Cyberark
Microsoft Power Automate
Large Language Models
Prompt Engineering
MTTR
Firewalls (Computer Science)
Infrastructure as Code (IaC)
Build Management
Palo Alto Networks
Hashicorp
Cloudflare
Microsoft Sentinel
Fortinet
CIS Benchmarks
REST
Terraform
Splunk
SentinelOne Expertise
Cisco networks
Qualys
Security Orchestration, Automation & Response

Job description

We're looking for a Cybersecurity Engineer to drive the design, implementation, and automation of advanced security controls across our Security Operations team. Reporting to the Manager, Cybersecurity Operations, this role drives key cybersecurity programs, including the Security Operations Center (SOC), Vulnerability Management, and Data Loss Prevention (DLP), ensuring the confidentiality, integrity, and availability of critical assets. This role will be tasked with supporting security strategies and initiatives while proactively addressing emerging cybersecurity risks. Strong technical expertise and a proactive approach to challenges are essential for success in this role.

  • Design and implement automated workflows and processes for Security Operations Center (SOC) operations.
  • Manage and optimize day-to-day SOC tools and operations to ensure effective monitoring, detection, and response to security incidents.
  • Develop and enhance SOC processes and procedures to improve operational efficiency, scalability, and advanced threat detection capabilities.

Incident Response

  • Lead and facilitate the incident response lifecycle, including identification, containment, eradication, and recovery from security incidents.
  • Conduct post-incident reviews and drive implementation of lessons learned to improve overall security posture.
  • Partner with IT and GRC teams to maintain incident response readiness, including development of playbooks and execution of incident simulation exercises.

Vulnerability Management

  • Support and enhance the vulnerability management program, including assessments, prioritization, tracking, and remediation strategies.
  • Collaborate with IT and development teams to ensure timely patching and mitigation of identified vulnerabilities.
  • Define and track program metrics, reporting status and risk trends to leadership.

Data Loss Prevention (DLP)

  • Contribute to the enterprise Data Loss Prevention (DLP) strategy to protect sensitive data across systems and prevent unauthorized access or exfiltration.
  • Participate in audits and assessments to evaluate DLP effectiveness and ensure compliance with internal and external requirements.

Microsoft Security Ecosystem Integration

  • Maximize utilization and ROI of the Microsoft 365 E5 and Entra security stack.
  • Manage and ensure full deployment of Microsoft Defender suite (Endpoint, Cloud Apps, Identity) across 95% of eligible assets.
  • Integrate Microsoft Sentinel SIEM with key enterprise data sources, including SASE, EDR, IAM, and vulnerability management platforms, to enable unified threat detection and response.
  • Reduce mean time to detect (MTTD) and mean time to respond (MTTR) by 30% through automation, correlation rules, and detection engineering within Sentinel.

Security Automation & AI-Driven Operations

  • Leverage automation and AI to streamline detection, response, and compliance workflows across security operations.
  • Automate 60% of repetitive SOC tasks using SOAR platforms, AI models, and scripted playbooks (Python, Logic Apps).
  • Implement LLM-based enrichment and triage of security alerts to reduce analyst review time by 40%.
  • Develop and integrate automated patch validation and remediation workflows using Infrastructure as Code (IaC) and CI/CD pipelines.
  • Build and deploy anomaly detection models for user and system behavior monitoring to enhance proactive threat detection.

Requirements

Do you have experience in Zero Trust security?

  • 2-4+ years of hands-on experience in Security Engineering roles
  • 1+ year of hands-on experience in Software Engineering
  • Strong understanding of security principles, software development, Identity and Access Management (IAM), networking, vulnerability management, Security Orchestration, Automation, and Response (SOAR), and security operations
  • Hands-on experience with:
      • Zero Trust methodologies and Secure Service Edge (SSE) platforms (Cloudflare, Cisco, Microsoft, Palo Alto Networks)
      • Python, REST APIs, and data formats (JSON, CSV, XML)
      • Security automation (SOAR, CI/CD, Infrastructure as Code)
      • Azure and AWS cloud environments
      • IAM and Privileged Identity Management (PIM) solutions (Entra ID, CyberArk, Okta, Auth0)
      • Linux and Windows administration
      • SIEM platforms (Microsoft Sentinel, Splunk, Rapid7)
      • Vulnerability management platforms (Qualys, Rapid7, Tenable)
  • Experience with:
      • DevOps methodologies and best practices
      • Next-Generation Firewalls (Palo Alto, Fortinet, Sophos, Check Point)
      • Compliance frameworks (PCI DSS, SOX, NIST, CIS Controls)
      • Endpoint Detection and Response (EDR) platforms (Microsoft Defender, CrowdStrike, SentinelOne)
      • Data Loss Prevention (DLP) solutions (Microsoft Purview, Symantec, Trellix)
      • Large Language Models (LLMs) and prompt engineering concepts
  • Strong problem-solving, communication, and technical documentation skills
  • Proven ability to collaborate effectively with cross-functional technical teams
  • Preferred / Highly Desired Qualifications:
      • CISSP, CCSP, or OSCP
      • AWS Certified Solutions Architect - Associate
      • AWS Certified Security - Specialty
      • Microsoft Certified: Azure Security Engineer Associate
      • CCNA
      • HashiCorp Certified: Terraform Associate

Location Requirement: This role is located in Tempe, Arizona. This position is required to be in office 4 days per week (Mon-Thurs); Fridays are optional remote work days.

  • Change Management
  • Collaborative
  • Communication
  • Critical Problem Solving

Physical Requirements:

  • In-Office Environment: Must be able to work in a busy, crowded, and loud office with frequent distractions and interruptions
  • Must be able to collaborate in-person with occasional impromptu in-person meetings
  • Office Conditions: Adaptability to typical office conditions, which may include exposure to air conditioning, heating, artificial lighting, and varying noise levels
  • Mobility: Ability to sit, stand, reach, twist, stretch, and work at a desk for long stretches. Must be able to occasionally move or lift office items up to 25 pounds
  • Hearing Requirements: Hearing must be sufficient or correctable to ensure clear understanding of spoken information, including participating in virtual meetings and phone calls. Use of hearing aids or other assistive devices is acceptable if needed.
  • Reading and Writing Proficiency: Ability to read and write in English is essential for processing documents, drafting reports, and following up on necessary actions. Proficiency in written communication is required to handle job-related tasks effectively.
  • Vision Requirements: Vision must be adequate or correctable to perform essential job duties, such as reading documents on a computer screen and using other visual tools. Use of corrective lenses or other measures to meet visual requirements is expected if needed.
  • Technology Proficiency: Must be proficient in operating a computer and other office productivity tools such as printers, scanners, and collaboration software.
  • Effective Communication: Must possess strong verbal and written communication skills to interact effectively with team members, clients, and other stakeholders via email, video conferencing, and other in-office communication tools.

Benefits & conditions

DOE

If you like wild growth and working in a unique and fun environment, surrounded by positive community, you'll enjoy your career with us!

About the company

It's fun to work in a company where people truly believe in what they are doing. At Dutch Bros Coffee, we are more than just a coffee company. We are a fun-loving, mind-blowing company that makes a difference one cup at a time.
