About This Job
Role Description
The Senior Security Engineer is a key technical leader within Axos Bank’s Security Engineering organization and plays a central role in transforming our traditional Security Operations Center into an AI-driven, investigation-centric threat response function. This role is not a traditional SOC analyst position—it is an engineering-forward role focused on deep incident investigation, advanced threat detection engineering, proactive threat hunting, and enhancing the AI SOC platform so it can autonomously perform higher-quality investigations at scale.
The ideal candidate is highly technical, curious, and hands-on—comfortable analyzing complex attack patterns, engineering detections, and building automation that amplifies the speed and precision of Axos’s AI-enabled SOC.
Key Responsibilities
Cybersecurity Incident Investigation
- Lead complex security incident investigations across cloud, identity, endpoint, application, and network layers.
- Perform root‑cause analysis, kill‑chain reconstruction, and evidence preservation with engineering‑grade depth.
- Convert investigation findings directly into new detections, automation playbooks, and AI features to reduce recurrence and detection gaps.
- Participate in a mandatory on‑call rotation, serving as a senior escalation point for complex security incidents—ensuring rapid, high‑quality investigative response and feeding lessons learned back into detections, automations, and the AI SOC platform.
Threat Detection Engineering
- Design, build, and tune high‑fidelity detection logic across Splunk, SOAR, cloud platforms, and other security telemetry systems.
- Establish repeatable processes for hypothesis‑driven detection creation, simulation, validation, and tuning.
- Improve detection precision by reducing false positives and strengthening behavioral and contextual analytics.
Proactive Threat Hunting
- Conduct proactive, intelligence‑driven hunts across large datasets using advanced analytics, anomaly detection, and adversary‑emulation techniques.
- Identify unknown threats, emerging attacker behaviors, and gaps in telemetry or tooling.
- Translate hunting insights into durable detections, AI models, automated enrichment, and new investigation workflows.
AI SOC Platform Enhancement
- Improve the AI SOC platform’s ability to perform autonomous or semi‑autonomous investigations by contributing high‑value signals, features, and decision logic.
- Work closely with AI and Security Engineering leadership to integrate hunting patterns, investigation heuristics, and detection insights into AI pipelines.
- Build feedback loops that allow AI models to learn from analyst investigations and improve over time.
Automation & SOAR Engineering
- Create high‑reliability automation workflows that handle triage, enrichment, correlation, and containment actions.
- Collaborate with Detection Engineering and Splunk/automation teams to integrate new data sources, threat‑intelligence feeds, and enrichment pipelines.
Collaboration & Engineering Excellence
- Work closely with SecOps, Cloud, AppSec, Detection Engineering, and AI Engineering teams to strengthen detection coverage and reduce operational friction.
- Produce high‑quality documentation, playbooks, knowledge articles, and engineering runbooks.
- Mentor SOC analysts, junior engineers, and cross‑team partners to uplift investigation quality and detection maturity.
Required Qualifications
- 5+ years of experience in cybersecurity (incident response, threat detection, security engineering, or threat hunting).
- Strong technical expertise in cloud security, identity security, endpoint telemetry, network analysis, or application security.
- Proven ability to perform deep‑dive incident investigations involving cloud IAM, lateral movement, privilege escalation, API abuse, malware, or application‑layer threats.
- Hands‑on experience with SIEMs (Splunk preferred), EDR tools, SOAR platforms, and automation frameworks.
- Ability to write and tune detection rules, correlation logic, saved searches, and behavioral analytics.
- Strong scripting ability (Python preferred) and familiarity with data analysis techniques.
- Willingness and ability to participate in a mandatory on‑call rotation and act as a senior escalation point during high‑severity incidents.
Preferred Qualifications
- Experience partnering with AI/ML engineering teams or contributing to AI‑assisted security tooling.
- Background in threat intelligence, malware analysis, or offensive security (red team, adversary emulation).
- Knowledge of cloud‑native detection patterns (AWS, Azure), identity‑based attacks, and API security.
- Certifications such as GCIH, GCDA, GDAT, GCTI, GCFA, or equivalent are a plus.
About Axos
Born digital-first, Axos delivers financial tools and services that allow individuals, small businesses, and companies to access and manage their money how, when, and where they want. We’re a diverse team of dynamic, insightful, and independent innovators who are excited to provide technology-driven solutions that offer unbeatable value to our customers.
Axos Financial is our holding company and is publicly traded on the New York Stock Exchange under the symbol "AX" (NYSE: AX).
Pre-Employment Background Check, Medical, and Drug Test:
All offers are contingent upon the candidate successfully passing a credit check, criminal background check, and pre-employment medical and drug screening.
Equal Employment Opportunity:
Axos is an Equal Opportunity employer. We are committed to providing equal employment opportunities to all employees and applicants without regard to race, religious creed, color, sex (including pregnancy, breast feeding and related medical conditions), gender, gender identity, gender expression, sexual orientation, national origin, ancestry, citizenship status, military and veteran status, marital status, age, protected medical condition, genetic information, physical disability, mental disability, or any other protected status in accordance with all applicable federal, state, and local laws.
Job Functions and Work Environment:
While performing the duties of this position, the employee is required to sit for extended periods of time. Manual dexterity and coordination are required while operating standard office equipment such as computer keyboard and mouse, calculator, telephone, copiers, etc.
The work environment characteristics described here are representative of those an employee may encounter while performing the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position.