Endeavour. Inspired Infrastructure.

Infrastructure for the benefit of all

Senior Security Engineer

Security Engineer | Full Time | Remote | Senior | Team 51-200 | H1B No Sponsor

Location

United States

Posted

32 days ago

Salary

0

Seniority

Senior

Bachelor Degree | 5 yrs exp | English | AWS | Azure | Cloud | Cyber Security | Python | SDLC

Job Description

  • Lead security operations initiatives focused on securing modern software development pipelines, CI/CD platforms, and cloud-native DevOps environments.
  • Partner with engineering and DevOps teams to embed security controls into the Software Development Life Cycle (SDLC) using Dev/SecOps best practices.
  • Design, implement, and monitor security controls for source code repositories, build systems, artifact management platforms, and deployment pipelines.
  • Conduct threat modeling, risk assessments, application pen testing, and security reviews for internally developed applications, APIs, and automation platforms.
  • Develop and maintain detection and response capabilities for software supply chain threats, credential misuse, pipeline compromise, and cloud workload attacks.
  • Manage vulnerability management processes for applications, containers, infrastructure-as-code, open-source dependencies, and CI/CD tooling.
  • Implement automated security scanning tools including SAST, DAST, SCA, IaC scanning, and container security solutions.
  • Monitor security events across cloud platforms, developer tooling, SaaS environments, and production systems using SIEM/XDR technologies.
  • Investigate and respond to security incidents involving applications, DevOps tooling, cloud environments, and identity platforms.
  • Establish security standards for AI/ML systems including model governance, secure API usage, data protection, and responsible AI controls.
  • Assess and mitigate emerging AI-related risks such as prompt injection, model abuse, data leakage, shadow AI usage, and unauthorized automation.
  • Evaluate, implement, and secure enterprise AI tools to improve SecOps efficiency, threat detection, alert triage, and incident response workflows.
  • Build automation scripts and workflows to streamline repetitive security operations tasks and improve response times.
  • Collaborate with developers to remediate security findings quickly while balancing operational efficiency and release velocity.
  • Create dashboards, metrics, and reporting for security posture across DevOps pipelines, application environments, and AI platforms.
  • Stay current on evolving threats related to software supply chain security, cloud platforms, DevOps ecosystems, and artificial intelligence technologies.
  • Other duties as assigned.

Job Requirements

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Software Engineering, or related field required; equivalent professional experience may be considered.
  • 5+ years of experience in Security Operations, Cybersecurity Engineering, DevSecOps, or related information security roles.
  • Hands-on experience securing CI/CD pipelines, source code repositories, cloud environments, and modern software development platforms.
  • Experience with security tools such as vulnerability management, SIEM, endpoint detection, SAST/DAST, container security, and infrastructure-as-code scanning.
  • Strong knowledge of cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud.
  • Experience with automation or scripting using Python, PowerShell, Bash, or similar languages, with familiarity securing or governing AI tools and platforms preferred.

Benefits

  • A fast-paced, entrepreneurial culture focused on innovation.
  • A flexible, autonomous work environment.
  • A culture of respect, learning, and excellence.
  • Experienced, highly talented experts as team peers.
  • Growth and travel opportunities.
  • A team of change-makers having a significant impact on people and the planet.

More Security Engineer Jobs

Senior Software Engineer – OpenShift Infrastructure, Security Compliance

Red Hat

The leading provider of enterprise open source solutions.

Full Time | Remote | Team 10,001+ | Since 1993 | H1B Sponsor

  • Develop tooling to generate and automate regulatory benchmark guidance
  • AI driven tooling (MCP servers/toolsets) that integrates with IDEs (Claude Code/Cursor)
  • Understanding Compliance Operator resources, like CustomRules and Profiles
  • Implementing checks using multiple scanning technologies, like OpenSCAP and CEL expressions
  • Developing and maintaining operators that improve OpenShift security posture
  • Contribute to industry benchmark regulatory bodies where applicable (CIS)

Italy
Job Closed

Cloud Security Engineer

Stripe

Help increase the GDP of the internet.

Full Time | Remote | Team 1,001-5,000 | Since 2010 | H1B Sponsor

  • Designing and implementing controls that support security invariants and enforce our security principles while providing a surprisingly great user experience
  • Providing a migration path for newly acquired companies onto the Stripe Secure Platform, embedding with their engineers and biasing for action
  • CI tooling for platform-related configuration: IAM roles, SCPs, and associated components
  • Guardrails and security controls for both commonly used and newer cloud technologies
  • Expanding our cloud identity infrastructure to provide paved paths for AI and agentic access
  • Automation tooling for continually driving down permissions and access across our cloud services

All locations: California | New York | Washington

Senior Cybersecurity Engineer

Dexcom

Empowering people to take control of health

Full Time | Remote | Team 10,001+ | Since 1999 | H1B Sponsor

  • You will be tasked with scripting and automation work relating to Information Security.
  • You will conduct security assessments of new tools, applications, and systems.
  • You will process and manage requests for various security services such as URL Filtering, Privilege Account Management, DLP, Firewall Rule Review.
  • You will support or lead the design and deployment of security infrastructure such as DLP, SWG, UBA, EDR, SIEM, MDM, NAC, etc.
  • You will support or lead security infrastructure projects and manage security infrastructure.
  • You will provide security consulting and influence adoption of security best practices.
  • You may, if needed, support third-party penetration testing and vulnerability assessments and drive remediation activity.
  • You may, if needed, support incident response and threat containment.
  • You may support information security and data privacy compliance audits and associated activities.

Philippines
Full Time | Remote | Team 10,001

Role Description

This role contributes to Starbucks’ success by operating within the Security Operations Center (SOC) to detect, investigate, and respond to cybersecurity threats across the enterprise. You will leverage SIEM and SOAR platforms to perform advanced log analysis, validate alert fidelity, and continuously assess the operational health and coverage of Starbucks’ security tooling.

You will design, build, and tune detections within the SIEM, translating real world adversary behaviors and MITRE ATT&CK aligned TTPs into high confidence, actionable alerts. This includes authoring and maintaining detection logic (e.g., KQL, SPL, or equivalent), reducing false positives and closing visibility gaps.

The role also focuses on maturing automation through SOAR by developing playbooks that standardize and accelerate investigation, enrichment, containment, and response workflows. You will integrate SOAR with security and IT platforms to automate repeatable actions.

The ideal candidate demonstrates strong analytical problem solving skills, clear technical communication, and deep expertise in modern attack techniques, logging architectures, and SOC operations. A proven, hands on track record of advancing detection engineering, SIEM/SOAR effectiveness, and incident response capabilities in highly targeted, large scale environments is essential. Success in this role is defined by measurable contributions to a world class SOC and cybersecurity program that proactively detects threats, rapidly contains incidents, and drives consistent, effective resolution across all cybersecurity events.

As a cybersecurity engineer senior, threat detection and response, you will:

  • Identify, evaluate, and appropriately address alerts and incidents
  • Develop detections based on the MITRE ATT&CK Framework
  • Proactively identify emerging threats and conduct threat hunting for undetected activity within the environment
  • Assess alerts to establish their legitimacy, and urgency
  • Adhere to SOC playbooks and standard operating procedures (SOPs) to promote consistency in triage and decision-making
  • Conduct a thorough review and audit of existing logging systems to identify any gaps in detection capabilities
  • Review threat intel reports and feeds, making recommendations for profile or toolset changes based on reviews
  • Perform in-depth investigations on Windows, Linux, and MacOS hosts
  • Create stories to enhance the SOAR environment for engineers
  • Enhance SOC processes with feedback and operational insights
  • Serve as both a mentor and an escalation point for SOC engineers
  • Tune security tool configuration to minimize false positives
  • Work closely with security leaders, engineers, and compliance teams to implement effective security plans
  • Serve as a subject matter expert for security tools, applications, and processes

Qualifications

  • 5+ years of experience working in an information technology discipline
  • 4+ years of security operations experience
  • 2+ years of detection engineering experience
  • 2+ years of Threat hunting experience
  • Deep technical understanding of modern Cybersecurity threats
  • Understanding of the MITRE ATT&CK framework and the ability to create detections based on analysis of attacker tools & techniques using this framework
  • Proficient in programming with at least one modern language such as Python, Powershell, C#, Ruby, or Java
  • Experience with the following technologies: SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, Container Security
  • Basic understanding of compliance and regulatory requirements such as SOX and PCI
  • Ability to balance multiple priorities and meet deadlines
  • Excellent problem-solving abilities
  • Passionate about cybersecurity and self-driven to become an expert

Preferred Qualifications

  • Demonstrated expertise in at least two technologies, such as SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, or Container Security
  • Skilled in at least two focus areas, including Phishing, Data Loss Prevention (DLP), Compliance, Networking, Digital Forensics, Big Data, Threat Intelligence, Operating Systems, or Reverse Engineering
  • Actively supports the cybersecurity community by teaching or contributing code
  • Holds certifications like CISSP, SSCP, GCIH, or other credentials emphasizing cybersecurity

Benefits

  • Access to medical, dental, vision, basic and supplemental life insurance, and other voluntary insurance benefits
  • Short-term and long-term disability
  • Paid parental leave
  • Family expansion reimbursement
  • Paid vacation from date of hire
  • Sick time (accrued at 1 hour for every 25 hours worked)
  • Eight paid holidays and two personal days per year
  • Participation in a 401(k) retirement plan with employer match
  • Discounted company stock program (S.I.P.)
  • Starbucks equity program (Bean Stock)
  • Incentivized emergency savings and financial well-being tools
  • 100% upfront tuition coverage for a first-time bachelor’s degree through Arizona State University’s online program
  • Student loan management resources and access to other educational opportunities
  • Access to backup care and DACA reimbursement

United States
$112.4K - $211.8K / year