Software Engineer - SOC

Poshmark is the leading fashion marketplace where style comes alive through discovery, self-expression, and human connection. Powered by a vibrant community of 165 million members, Poshmark brings real people and taste to shopping through a social experience shaped by shared discovery. Buying and selling fashion feels simple, joyful, and personal, while every item tells its own story. Poshmark empowers sellers to grow meaningful businesses, keeps fashion in circulation longer, and gives shoppers access to unique and trusted finds, from everyday pieces to one-of-a-kind vintage and luxury.

• Monitor, analyze, and triage security events and alerts across distributed systems to identify potential incidents and anomalous behavior

• Lead end-to-end incident response, including investigation, containment, eradication, and recovery, with an emphasis on scalable and repeatable processes

• Perform deep-dive root cause analysis of sophisticated attacks spanning infrastructure, network, and application layers, including code-level vulnerabilities

• Design, build, and maintain automation frameworks to improve detection and response efficiency (e.g., auto-remediation, alert enrichment pipelines)

• Develop and maintain detection logic (rules, queries, behavioral analytics) using engineering best practices such as version control, testing, and CI/CD

• Create and continuously improve incident response playbooks as modular, reusable, and programmatic workflows

• Fine-tune alerting systems to reduce noise and false positives through data analysis, feedback loops, and algorithmic improvements

• Collaborate closely with SRE, DevOps, IT and engineering teams to remediate vulnerabilities and improve system security and reliability

• Engineer and enhance SIEM capabilities, including log ingestion pipelines, normalization, correlation rules, and integrations

• Implement and scale security monitoring solutions across cloud-native and distributed environments

• Conduct proactive threat hunting using data-driven and hypothesis-based approaches

• Enrich and correlate telemetry using IOCs, threat intelligence feeds, and custom-built data pipelines

• Contribute to SOC tooling and internal platforms by writing clean, maintainable, and efficient code

• Participate in architecture and design discussions to embed security into systems from the ground up

• Drive and contribute to broader security engineering and SOC modernization projects

• 2–4 years of experience in information security, security engineering, or a related field

• Hands-on experience with SIEM platforms, EDR tools, IDS/IPS, firewalls, and vulnerability management systems

• Experience with incident response and security investigations

• Strong understanding of cloud environments (AWS, GCP, or Azure) and associated security considerations

• Proficiency in at least one programming or scripting language (e.g., Python, Bash, or Go) with the ability to build automation and tooling

• Familiarity with software engineering fundamentals (data structures, APIs, version control, testing)

• Experience in Incident Response, Malware Analysis, and Threat Hunting

• Background in SOC, or SecDevOps practices

• Experience building or maintaining internal security tools or platforms

• Knowledge of distributed systems and observability (logging, metrics, tracing)

• Familiarity with CI/CD pipelines and infrastructure-as-code (e.g., Terraform)

• Relevant certifications (e.g., GCIA or similar)

• Independently handle full incident response lifecycle with a focus on improving repeatability through automation

• Build or enhance at least one automation workflow (e.g., alert enrichment, triage pipeline, or response action) that reduces manual effort

• Develop high-fidelity detections with low false-positive rates using structured testing and validation approaches

• Author and maintain programmatic incident response playbooks integrated with SOC tooling

• Demonstrate strong understanding of the evolving threat landscape and apply insights to detection engineering

• Contribute code or improvements to internal SOC tools, repositories, or automation frameworks

• Significantly reduce Mean-Time-to-Detect (MTTD) and Mean-Time-to-Respond (MTTR) through scalable engineering solutions and automation

• Establish and maintain a robust detection engineering lifecycle (design, test, deploy, measure, iterate)

• Improve overall security operations posture through continuous system-level and architectural enhancements

• Lead or contribute to major security engineering projects that strengthen monitoring, detection, and response capabilities

• Build reusable frameworks, libraries, or services that elevate SOC efficiency and engineering maturity

• Act as a bridge between Security and Engineering teams, promoting secure-by-design principles across the organization