Company Overview:
TENEX is an AI-native, automation-first, built-for-scale Managed Detection and Response (MDR) provider. We are a force multiplier for defenders, helping organizations enhance their cybersecurity posture through advanced threat detection, rapid response, and continuous protection. Our team is composed of industry experts with deep experience in cybersecurity, automation, and AI-driven solutions. Backed by leading investors, we are rapidly growing and seeking top talent to join our mission of revolutionizing the MDR landscape.
We’re a fast-growing startup backed by industry experts and top-tier investor Andreessen Horowitz. As an early employee, you’ll play a meaningful role in defining and building our culture. Get in on the ground floor. We’re a small but well-funded team that just raised a substantial round – joining now comes with limited risk and unlimited upside.
Culture is one of the most important things at TENEX.AI—explore our culture deck at culture.tenex.ai to witness how we embody it, prioritizing the irreplaceable collaboration and community of in-person work.
As a SOC Engineer, you'll operate across incident response, platform quality, and operational improvement — evaluating telemetry coverage, shaping response automation, handling high-severity escalations, and ensuring the tooling and workflows analysts depend on are fit for purpose. The role carries direct engagement across internal engineering teams and customers, and no shortage of hard problems to solve. We default to automation and AI wherever they produce better outcomes — and we want engineers who think the same way.
What You'll Do
Handle complex incident response and escalation. Take ownership of high-severity and technically complex incidents — leading investigation, driving containment decisions, and communicating findings clearly when it counts.
Assess and improve telemetry and logging coverage. Automate evaluation of customer environments for logging gaps and deficiencies across endpoint, network, identity, and cloud. Specify what's needed for effective detection and investigation, and work with customers and internal teams to close the gaps.
Ensure SIEM and detection quality. Apply deep platform knowledge to evaluate detection fidelity, data normalization, parser quality, and alert logic — identifying where coverage or quality falls short and partnering with detection engineering to address it.
Contribute to response automation quality. Work closely with the SOAR team to review enrichment logic, containment playbooks, and automation design — bringing an incident responder's perspective to what works under pressure and what doesn't.
Support technical needs across the organization. Serve as a knowledgeable resource for forward-deployed engineers, onboarding teams, and customers on questions spanning telemetry, investigation, platform behavior, and response — representing the SOC's technical depth across functions.
Improve SOC tooling and operational workflows. Identify friction in how analysts triage, investigate, and respond. Partner on tooling improvements, process changes, and reference content that raise consistency and quality across the team.
What You Bring
5+ years in security operations, incident response, or detection engineering with demonstrated depth across multiple domains.
Strong fluency in logging and telemetry — able to evaluate an environment's coverage posture, identify deficiencies, and articulate what's needed for effective detection and investigation.
Hands-on experience with SIEM platforms (Google Chronicle, Microsoft Sentinel, and/or Splunk a plus) — enough to understand data modeling, rule architecture, and parser quality, and recognize when a deployment falls short of what our MDR SOC requires.
Solid understanding of response automation — enrichment pipelines, SOAR playbook structure, containment logic — and the judgment to evaluate whether automation is working as intended.
Working knowledge of cloud security architecture in at least one major cloud (AWS, Azure, or GCP), including native log sources and their value for investigation.
Scripting proficiency in Python or PowerShell for automation support and integration work.
Familiarity applying AI or LLM-based tooling to security workflows — investigation assistance, alert triage, log analysis, or automation — is a strong plus.
Clear, confident communicator across technical and non-technical audiences — customers, engineers, and analysts alike.
Bonus Points
Multi-cloud breadth across AWS, Azure, and GCP security tooling and telemetry.
Experience with IaC (Terraform, CloudFormation) and DevSecOps practices.
Familiarity authoring detection runbooks, investigation guides, or SOC operating procedures.
Splunk Enterprise Security depth — ES notable events, risk-based alerting, correlation search architecture.
Container and Kubernetes security monitoring exposure.
Experience building or evaluating AI-assisted security tooling, agentic workflows, or LLM-augmented investigation and response.
Education & Certifications
Bachelor’s degree in Computer Science, Information Security, or a related field, OR equivalent work experience.
Relevant certifications — CISSP, GCIH, GCFE, GCDA, GREM, AWS/GCP security, or SIEM platform certifications — are a plus.
Why Join Us?
Opportunity to work with cutting-edge AI-driven cybersecurity technologies and Google SecOps solutions.
Collaborate with a talented and innovative team focused on continuously improving security operations.
Competitive salary and benefits package.
A culture of growth and development, with opportunities to expand your knowledge in AI, cybersecurity, and emerging technologies.
If you're passionate about combining cybersecurity expertise with artificial intelligence and have experience with Google SecOps and Chronicle, we encourage you to apply!