Senior Security Operations Engineer

Medallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the understanding and management of experience for candidates, customers, employees, patients, citizens and residents.

We are more than a software company. We want to be known as a company that does the right thing, no matter the challenge or controversy. We are committed to creating a culture that values every person and every experience. Individual life experiences shape the way we interact with the world, which is why we encourage people to bring their whole selves to work each day. The strength of our global workforce is the most significant contributor to our success.

We believe: Every Experience Matters. Talent is Everywhere. All Belong Here.

At Medallia, we hire the whole person.

The Role and Team

At Medallia, the Security Operations team increases Medallia’s long-term value by building enterprise-grade, best-in-class security to detect indicators of compromise and security malfeasance, as well as leading Medallia’s security incident response and investigative capabilities across the entire organization. We are passionate about security, threat hunting, automation, and rapid iteration, and love creating pragmatic solutions to challenging problems.

We work closely with our Red-Team and perform Tabletop exercises that allow us to build company-wide muscle memory for responding to incidents.

As a next-generation Security Operations team, DevSecOps methodology is our focus, and our engineers utilize best-in-class tools to deliver robust security capabilities across our multi-cloud platform.

We are looking for a Senior Security Operations that shares our passion and be able to work closely with our global engineering teams and ensure that we have best-in-class detection and response capabilities deployed throughout our platform.

OUR ENGINEERING CULTURE:

We don’t expect perfection, but we are always proactively seeking out ways to help ourselves and our teams to minimize pain points within our infrastructure and code base.
We love technology, follow the latest technologies and share what we learn.
We are not afraid of failing when we are experimenting with different technologies, development methodologies, and toolings.
We build strong relationships with team members around the globe and are not afraid to challenge our team members and peers on enforcing good habits and best practices.

• Build Security Use Cases and implement them in the SIEM and SOAR. Utilize pattern matching techniques, machine learning algorithms, statistical models, and other novel capabilities or techniques to detect and respond to insider threats, advanced persistent threats/attackers (“APT”), and anomalous behavior of systems.
• Build detection mechanisms that identify indicators of compromise and other forms of security malfeasance or misconfiguration.
• Respond to Security Incidents and lead investigations related to real or potential indicators of compromise.
• Build automation around our security response and reduce the need for high-touch, human intervention, and investigation into common security events and patterns.
• Utilize various open-source tools, platforms and scripting languages like Terraform, Packer, Linux, Kubernetes, GIT, Python, and Go to instrument and build our security platforms and tools using an infrastructure-as-code model on a hybrid (cloud and on-premise) platform.
• Participate within our on-call security operations team that Medallia counts on to protect our customers, employees, and infrastructure from common and novel threat actors.
  Work with teams across the world throughout Medallia's Global Workforce

Minimum Qualifications

• 4 or more years working within the Security Operations field including experience in responding to security issues or challenges, such as: threat hunting, intrusion detection, signals intelligence, incident response, forensics, security architecture and infrastructure.
• Prior experience administering or working with Security Information Event Management (SIEM), such as Splunk, ElasticSearch, Qradar, etc. and have experience analyzing large data sets in order to separate true signals from noise.
• Knowledge/understanding of how HIDS, Networking devices (Firewalls, IPS/IDS, Routers, etc.), Anti-Malware, Anti-Spam and DLP solutions work, and possess a deep understanding and recent experience with Linux/Windows/Mac system administration and hardening experience.
• Programming experience in one or more languages such as Python, Bash, Go, Java or C.
• Prior experience administering or working with a Vulnerability Management tool, such as Tenable, InsightVM, Qualys and also responding to the vulnerabilities detected by the tool (Triage - Know what the vulnerability is and how to prioritize and remediate it, collaboration with other teams).
• Strong troubleshooting capabilities, a curious mindset, a willingness to continually increase detection capabilities, and a passion for both the human and technical aspects in the art and science of information security.

Preferred Qualifications

• Prior experience working with Cloud providers, AWS, GCP, Azure, OCI especially hands-on experience on:
• Cloud Security Posture Management: IAM Roles, Policies, etc.
• Prior experience working with open-source tools like Terraform, Packer, GIT and Jenkins.
• Prior experience working with Kubernetes environments.
• Prior experience working with Security Orchestration and Automation Response tools (SOAR).
• Prior experience working with WAF/RASP solutions.
• Prior experience working with DLP and web filtering solutions.

At Medallia, we celebrate diversity and recognize the value it brings to our customers and employees. Medallia is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, genetic information, disability, veteran status, or any other applicable status protected by state or local law. Individuals with a disability who need an accommodation to apply please contact us at For information regarding how Medallia collects and uses personal information, please review our Privacy Policies. Applications will be accepted for 30 days from the date this role was posted or until the role has been filled.

Minimum Qualifications

• 4 or more years working within the Security Operations field including experience in responding to security issues or challenges, such as: threat hunting, intrusion detection, signals intelligence, incident response, forensics, security architecture and infrastructure.
• Prior experience administering or working with Security Information Event Management (SIEM), such as Splunk, ElasticSearch, Qradar, etc. and have experience analyzing large data sets in order to separate true signals from noise.
• Knowledge/understanding of how HIDS, Networking devices (Firewalls, IPS/IDS, Routers, etc.), Anti-Malware, Anti-Spam and DLP solutions work, and possess a deep understanding and recent experience with Linux/Windows/Mac system administration and hardening experience.
• Programming experience in one or more languages such as Python, Bash, Go, Java or C.
• Prior experience administering or working with a Vulnerability Management tool, such as Tenable, InsightVM, Qualys and also responding to the vulnerabilities detected by the tool (Triage - Know what the vulnerability is and how to prioritize and remediate it, collaboration with other teams).
• Strong troubleshooting capabilities, a curious mindset, a willingness to continually increase detection capabilities, and a passion for both the human and technical aspects in the art and science of information security.

Preferred Qualifications

• Prior experience working with Cloud providers, AWS, GCP, Azure, OCI especially hands-on experience on:
• Cloud Security Posture Management: IAM Roles, Policies, etc.
• Prior experience working with open-source tools like Terraform, Packer, GIT and Jenkins.
• Prior experience working with Kubernetes environments.
• Prior experience working with Security Orchestration and Automation Response tools (SOAR).
• Prior experience working with WAF/RASP solutions.
• Prior experience working with DLP and web filtering solutions.

At Medallia, we celebrate diversity and recognize the value it brings to our customers and employees. Medallia is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, genetic information, disability, veteran status, or any other applicable status protected by state or local law. Individuals with a disability who need an accommodation to apply please contact us at For information regarding how Medallia collects and uses personal information, please review our Privacy Policies. Applications will be accepted for 30 days from the date this role was posted or until the role has been filled.

• Build Security Use Cases and implement them in the SIEM and SOAR. Utilize pattern matching techniques, machine learning algorithms, statistical models, and other novel capabilities or techniques to detect and respond to insider threats, advanced persistent threats/attackers (“APT”), and anomalous behavior of systems.
• Build detection mechanisms that identify indicators of compromise and other forms of security malfeasance or misconfiguration.
• Respond to Security Incidents and lead investigations related to real or potential indicators of compromise.
• Build automation around our security response and reduce the need for high-touch, human intervention, and investigation into common security events and patterns.
• Utilize various open-source tools, platforms and scripting languages like Terraform, Packer, Linux, Kubernetes, GIT, Python, and Go to instrument and build our security platforms and tools using an infrastructure-as-code model on a hybrid (cloud and on-premise) platform.
• Participate within our on-call security operations team that Medallia counts on to protect our customers, employees, and infrastructure from common and novel threat actors.
  Work with teams across the world throughout Medallia's Global Workforce