It's fun to work in a company where people truly believe in what they are doing. At Dutch Bros Coffee, we are more than just a coffee company. We are a fun-loving, mind-blowing company that makes a difference one cup at a time.
Position Overview:
A Staff Engineer - Cybersecurity acts as a technical force multiplier by designing "paved road" architectures that make security the default state for all engineering teams. They move beyond individual fixes to build automated guardrails within the CI/CD pipeline, ensuring the organization scales securely without sacrificing velocity. By bridging the gap between deep technical risk and business strategy, they influence long-term infrastructure decisions and elevate the entire department’s security culture through high-level mentorship and cross-functional leadership.
Reporting directly to the CISO, you will be the leading technical voice on security strategy, architecture, and engineering execution across the enterprise. You will lead and partner to implement and optimize our Microsoft security ecosystem (Entra ID, Defender, Sentinel, Purview), and provide engineer direction to mature our SIEM, SOAR, and SecOps capabilities, and strengthen our hybrid cloud security posture across Azure, AWS, and on-premises environments. You will shape detection engineering strategy, automate security operations at scale, and ensure our platforms deliver maximum protection and operational efficiency.
Job Qualifications:
7+ years of hands-on experience in security engineering roles.
2+ years of hands-on experience in software engineering.
Strong understanding of security principles, software development, IAM, networking, and application security.
Demonstrated ability to influence technical direction across teams and mentor other engineers.
Strong problem-solving, communication, and documentation skills.
Proven ability to collaborate with and influence cross-functional technical teams.
DevOps methodologies and principles (CI/CD pipelines, Infrastructure as Code, GitOps)
Vulnerability Management platforms (Qualys, Rapid7 InsightVM, Tenable)
EDR platforms (Microsoft Defender for Endpoint, CrowdStrike, SentinelOne)
Compliance frameworks (PCI DSS, SOX, NIST, CIS 18)
DLP solutions (Microsoft Purview, Symantec, Trellix)
Large Language Models (LLMs) and prompt engineering applied to security workflows
Extensive hands-on experience with:
Microsoft security platforms (Sentinel, Defender, Entra ID, Purview)
SIEM platforms (Microsoft Sentinel, Splunk, Rapid7) including detection engineering and analytics rule development
Security automation (SOAR, CI/CD, IaC) and building automated response playbooks
Python, REST APIs, and data formats (JSON, CSV, XML)
Azure and AWS cloud environments, including cloud-native security controls
Linux and Windows administration
Preferred Certifications:
ISC(2): CISSP, CISM, CCSP
AWS Certified: Security – Specialty, Solutions Architect Associate
Microsoft Certified: Azure Security Engineer Associate, Identity and Access Administrator Associate, Security Operations Analyst Associate
Cisco Certified: CCNA, CCNP
HashiCorp Certified: Terraform Associate
Offensive Security: OSCP, OSCE
Location Requirement:
This position is remote. However, candidates who reside within the Greater Phoenix, Arizona area will be expected to work a hybrid schedule from the Tempe, Arizona office four days per week (Monday–Thursday), with Fridays as an optional remote work day.
Key Result Areas (KRAs):
Microsoft Security Ecosystem Integration:
Partner with Identity and Endpoint teams to drive ≥ 90% coverage of Conditional Access and PIM enforcement.
Guide the deployment strategy for Microsoft Defender capabilities to reach ≥ 95% of eligible assets.
Oversee the architectural integration of Sentinel with core telemetry sources to enable high-fidelity detection and response coordination.
SIEM, SOAR, and SecOps Effectiveness:
Champion automation initiatives to reduce mean time to detect (MTTD) and respond (MTTR) by ≥ 30% through improved correlation and playbook design.
Lead the design of SOAR workflows to automate ≥ 60% of repetitive tasks, partnering with SecOps for implementation.
Drive the strategy for improving signal-to-noise ratio by guiding the tuning of detections based on threat trends.
Hybrid Cloud Security Posture and Resilience:
Define and guide the adoption of policy-as-code guardrails for cloud and on-premises infrastructure.
Drive the strategy for hybrid telemetry integration and posture monitoring to enable faster risk identification.
Partner with engineering and infrastructure teams to prioritize and track the remediation of high-risk misconfigurations and vulnerabilities.
Technical Leadership and Security Influence:
Champion the adoption of security engineering standards, reference architectures, and implementation patterns across teams.
Represent security in architectural decision-making as a trusted technical authority, influencing major technology initiatives.
Mentor engineers and elevate team capabilities through coaching, design reviews, and sharing operational best practices.
Skills:
Microsoft Security Ecosystem Architecture and Operations
SIEM Engineering and Detection Development
Security Automation and SOAR Orchestration
Hybrid Cloud Security Architecture (Azure, AWS, On-Premises)
Infrastructure as Code and CI/CD Pipelines
Technical Leadership and Cross-Functional Influence
Collaborative Communication
Critical Problem Solving
Physical Requirements:
In-Office Environment: Must be able to work in a busy, crowded, and loud office with frequent distractions and interruptions
Must be able to collaborate in-person with occasional impromptu in-person meetings
Office Conditions: Adaptability to typical office conditions, which may include exposure to air conditioning, heating, artificial lighting, and varying noise levels
Mobility: Ability to sit, stand, reach, twist, stretch, and work at a desk for long stretches. Must be able to occasionally move or lift office items up to 25 pounds
Hearing Requirements: Hearing must be sufficient or correctable to ensure clear understanding of spoken information, including participating in virtual meetings and phone calls. Use of hearing aids or other assistive devices is acceptable if needed.
Reading and Writing Proficiency: Ability to read and write in English is essential for processing documents, drafting reports, and following up on necessary actions. Proficiency in written communication is required to handle job-related tasks effectively.
Vision Requirements: Vision must be adequate or correctable to perform essential job duties, such as reading documents on a computer screen and using other visual tools. Use of corrective lenses or other measures to meet visual requirements is expected if needed.
Technology Proficiency: Must be proficient in operating a computer and other office productivity tools such as printers, scanners, and collaboration software.
Effective Communication: Must possess strong verbal and written communication skills to interact effectively with team members, clients, and other stakeholders via email, video conferencing, and other in office communication tools.
Compensation:
DOE
If you like wild growth and working in a unique and fun environment, surrounded by positive community, you'll enjoy your career with us!