Overview:
Medallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the management of experiences, insights, and actions for candidates, customers, employees, patients, and residents alike.
We believe that every experience is a memory that can last a lifetime. Experiences shape the way people feel about a company. And they greatly influence how likely people are to advocate, contribute, and stay. At Medallia, we are committed to creating a world where organizations are loved by their customers and their employees.
We empower exceptional people to create extraordinary experiences together.
Bring your whole self.
The Role and Team
At Medallia, the Security Operations team increases Medallia’s long-term value by building enterprise-grade, best-in-class security to detect indicators of compromise and security malfeasance, as well as leading Medallia’s security incident response and investigative capabilities across the entire organization. We are passionate about security, threat hunting, automation, and rapid iteration, and love creating pragmatic solutions to challenging problems.
We work closely with our Red-Team and perform Tabletop exercises that allow us to build company-wide muscle memory for responding to incidents.
As a next-generation Security Operations team, DevSecOps methodology is our focus, and our engineers utilize best-in-class tools to deliver robust security capabilities across our multi-cloud platform.
We are looking for a Senior Security Operations Engineer who shares our passion and thrives on partnering closely with our global engineering teams and ensuring we have best-in-class detection and response capabilities deployed throughout our platform.
Candidates based in the Buenos Aires vicinity will be prioritized as this role is Hybrid, 3 days per week onsite.
Responsibilities:
- Design, develop, and maintain advanced detection and response capabilities across SIEM, SOAR, EDR, cloud, identity, endpoint, and application environments.
- Build, tune, and continuously improve detection use cases to identify malicious activity, insider threats, advanced persistent threats (APTs), misconfigurations, and anomalous behavior.
- Lead investigations into security incidents, indicators of compromise, and suspicious activity, performing root cause analysis and driving containment, eradication, and remediation efforts.
- Develop and maintain security automation, orchestration, and response workflows to improve operational efficiency and reduce manual effort.
- Translate threat intelligence, emerging attack techniques, and industry trends into actionable detections, hunting hypotheses, and security controls.
- Build and operate security platforms using Infrastructure-as-Code and automation-first principles leveraging technologies such as Terraform, Kubernetes, Linux, Git, Python, and cloud-native services.
- Conduct proactive threat hunting activities across cloud, endpoint, identity, network, and application environments.
- Partner with Engineering, Infrastructure, IT, Product Security, and other stakeholders to improve visibility, security posture, and incident readiness.
- Participate in the Security Operations on-call rotation and act as an escalation point for complex incidents.
- Mentor junior engineers and contribute to the development of team standards, documentation, and operational processes.
- Leverage automation and AI-assisted capabilities to improve threat detection, investigation, and response processes while maintaining appropriate governance and security controls.
Qualifications:
Minimum Qualifications
- 5+ years of experience in Security Operations, Detection Engineering, Incident Response, Threat Hunting, Security Engineering, or related cybersecurity disciplines.
- Demonstrated experience building and maintaining detections within SIEM platforms such as Splunk, Microsoft Sentinel, QRadar, Elastic, or similar technologies.
- Demonstrated experience developing automation and orchestration workflows using SOAR platforms such as Cortex XSOAR, Splunk SOAR, Tines, or equivalent.
- Demonstrated experience investigating security incidents involving cloud platforms, endpoints, identities, applications, and network infrastructure.
- Scripting or programming experience in Python, Go, Bash, PowerShell, or similar languages.
- Demonstrated experience working with Linux systems, cloud platforms (AWS, Azure, GCP, OCI), and containerized environments.
- Demonstrated knowledge of common attack frameworks and methodologies such as MITRE ATT&CK, Cyber Kill Chain, and modern adversary tradecraft.
- Demonstrated experience utilizing Infrastructure-as-Code tools such as Terraform, CloudFormation, or similar technologies.
- English proficiency, both oral and written.
Preferred Qualifications
- Familiarity with AI/LLM security, AI-assisted detection workflows, and emerging AI security risks.
- Experience building or operating detection engineering programs at scale.
- Experience securing Kubernetes, containerized workloads, and cloud-native environments.
- Experience with threat intelligence platforms and intelligence-driven detection methodologies.
- Experience developing custom integrations, APIs, and security tooling.
- Experience with EDR, CSPM, DSPM, Identity Security, and Zero Trust technologies.
- Experience supporting regulated environments and compliance frameworks such as SOC 2, ISO 27001, HITRUST, PCI DSS, FedRAMP, or similar standards.
- Industry certifications such as GCIH, GCFA, GCIA, GCFE, CISSP, CCSP, AWS Security Specialty, or equivalent.
- Previous experience mentoring engineers and leading technical initiatives.
- Strong analytical, troubleshooting, communication, and documentation skills.
- Ability to work independently and collaborate effectively across globally distributed teams.
At Medallia, we celebrate diversity and recognize the value it brings to our customers and employees. Medallia is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age (40 and over), disability, genetic information, veteran status or military service, or any other status protected by state or local law. Individuals with a disability who need an accommodation to apply please contact us at [email protected]. For information regarding how Medallia collects and uses personal information, please review our Privacy Policies. Applications will be accepted for 30 days from the date this role was posted or until the role has been filled.