Security Operations Remote Jobs in California (US)

This page tracks remote security operations openings that are location-eligible for California.

Open jobs

230

Hiring companies this week

Salary sample

$111,900 - $245,000

Jobs added last hour

Strict location onlyShow closed jobs

Post Date

Minimum Salary

Experience

230 Jobs

181 Companies

Senior Engineer, Security Operations – Engineering

Collibra

United by Data™

Security Operations6 hours ago

Full Time Remote SeniorTeam 1,001-5,000Since 2008H1B Sponsor

Company Site LinkedIn

• Helping to develop architectural requirements and corresponding engineering processes and technologies to support Collibra’s cloud-native platform • Design and tune cloud-native detection rules and threat models for AWS GuardDuty, Microsoft Defender for Cloud, and GCP Security Command Center • Conduct continuous vulnerability assessments of cloud workloads, container images, and serverless functions • Develop, continuously improve, and ensure compliance with controls built for the cloud-native platform • Partner with engineering teams to prioritize and drive remediation of cloud security findings • Plan, organize, and manage multiple responsibilities from various stakeholders and sometimes competing requests to achieve desired objectives • Maintain and update CloudFlare WAF rules to work with the Collibra product. • Evaluate and deploy cloud workload protection platforms (CWPP) and container security tooling • Assist with technical response efforts for cloud security incidents, perform forensic analysis, and contribute to root-cause investigation • Write production-quality code in Python, Golang/Go, or similar languages to build internal security tooling and automation • Integrate security tooling into developer workflows to reduce friction while improving security outcomes • After hours on-call support may occasionally be required

Ansible AWS Azure Cloud Google Cloud Platform Kubernetes Linux Python Terraform Go

View details: Senior Engineer, Security Operations – Engineering

United States

$152K - $190K / year

Apply

L3 SOC Analyst / Incident Response Analyst

ProArch

Consulting and technology- enabled by cloud, guided by data, fueled by apps, and secured by design.

Security Operations9 hours ago

Full Time Remote Mid LevelTeam 201-500H1B Sponsor

Company Site LinkedIn

Role Description At ProArch, a leader in IT security consulting with presence in the US, UK, and India, we are looking for a skilled L3 SOC Analyst / Incident Response Analyst to join our Security Operations Center (SOC) team. In this critical role, you will be responsible for advanced incident detection, investigation, and response to complex cybersecurity threats. Leveraging your extensive experience and expertise, you will lead incident response activities, perform deep-dive analysis, and coordinate with cross-functional teams to mitigate risks and strengthen our security posture. This role is heavily focused on: - Incident Response - Threat Investigation - Detection Engineering - DFIR Operations - SOC Automation - Threat Hunting - Security Platform Engineering - Response Workflow Optimization The ideal candidate combines strong incident response expertise, deep Microsoft security platform knowledge, hands-on detection engineering capability, and SOC automation experience within a fast-paced MSSP environment. This is not a traditional alert-monitoring SOC Analyst role. The position requires strong investigative, analytical, and response-oriented cybersecurity capabilities. Key Responsibilities - Incident Response & Threat Investigation - Lead and support advanced security incident investigations across multiple customer environments - Perform: - Threat triage and validation - IOC analysis and threat correlation - Endpoint and identity investigations - Email security investigations - Cloud security incident analysis - Root cause analysis - Investigate and respond to: - Account compromise incidents - Business Email Compromise (BEC) - Malware and ransomware activity - Privilege escalation - Lateral movement activity - Suspicious cloud and identity-based attacks - Advanced phishing and social engineering campaigns - Coordinate containment, remediation, and recovery activities with customer and internal teams - Support high-severity incident escalation handling and response coordination - Provide detailed investigation findings, timelines, impact assessments, and response recommendations - Conduct proactive threat hunting and threat validation activities where required - Support digital forensics and evidence collection activities when applicable - Detection Engineering & SIEM Operations - Design, develop, and maintain advanced detection rules across: - Microsoft Sentinel - Microsoft Defender XDR - Develop and optimize: - KQL queries - Analytics rules - Correlation logic - Detection use cases - Perform: - Detection tuning - False positive reduction - Behavioral baselining - Threat-based detection improvements - Build and maintain reusable detection content and query libraries - Support proactive detection engineering initiatives aligned with emerging threats and attacker techniques - Leverage threat intelligence and MITRE ATT&CK mapping to improve detection coverage - SOC Automation & SOAR Engineering - Design and implement SOC automation workflows using: - Microsoft Sentinel Playbooks - Logic Apps - SOAR platforms - API-driven integrations - Build workflows for: - Alert enrichment - Incident routing - Automated containment actions - Threat intelligence enrichment - Ticket synchronization - Investigation acceleration - Develop scalable automation frameworks to improve SOC operational efficiency - Support continuous optimization of SOC workflows and automation coverage - Create automation standards and reusable workflow templates across customer environments - Microsoft Security Platform Operations - Provide hands-on operational support, investigation, tuning, administration, and engineering for: - Microsoft Defender for Endpoint (MDE) - Microsoft Defender XDR - Microsoft Defender for Identity (MDI) - Microsoft Defender for Office 365 (MDO) - Microsoft Defender for Cloud Apps (MDCA) - Microsoft Purview - Microsoft Identity Protection / Entra ID - Microsoft Sentinel - Additional technologies include: - CrowdStrike Falcon - Threat Intelligence platforms - Email security solutions - Endpoint Detection & Response (EDR) platforms - Identity and authentication platforms - Cloud security solutions - Ticketing platforms (Datto Autotask preferred) - AI Security & Modern Threat Operations - Support detection and response activities related to: - AI-orchestrated attacks - Identity-based attacks - Cloud-native threats - Advanced phishing and social engineering campaigns - Leverage AI-assisted SOC operations and automation capabilities where applicable - Support modern detection strategies aligned with evolving attacker techniques - Evaluate opportunities to integrate AI-driven efficiencies into detection, investigation, and response workflows - Client & Operational Support - Participate in customer incident discussions and escalation calls when required - Support onboarding of new customer environments and security integrations - Maintain: - Investigation playbooks - SOPs - Workflow documentation - Operational runbooks - Detection documentation - Collaborate closely with: - SOC Operations - Security Engineering - Vendors - Consulting teams - Customer stakeholders - Support operational improvement initiatives across SOC and DFIR functions Qualifications - Bachelor’s Degree / Graduation in: Computer Science/Information Technology/Cybersecurity or related technical field is mandatory - Relevant cybersecurity and automation-focused certifications will be considered an added advantage. - 6-9 years of overall cybersecurity experience - Strong hands-on experience in: - Incident Response - Threat Investigation - SOC Operations - Detection Engineering - DFIR activities - Prior Incident Response Analyst experience is highly preferred - Experience working within MSSP environments preferred - Experience supporting or collaborating with US-based teams/vendors preferred - Proven hands-on experience with SOAR platforms in enterprise or MSSP environments - Strong experience designing and implementing SOC automation workflows from scratch - Experience supporting enterprise Security Operations Center (SOC) environments - Experience with detection engineering and SIEM rule development Requirements - Strong hands-on experience with: - Microsoft Defender for Endpoint (MDE) - Microsoft Defender XDR - Microsoft Defender for Identity (MDI) - Microsoft Defender for Office 365 (MDO) - Microsoft Defender for Cloud Apps (MDCA) - Microsoft Purview - Microsoft Identity Protection / Entra ID - CrowdStrike Falcon - Threat Intelligence platforms - Microsoft Sentinel (Mandatory) - Defender XDR SIEM operations (Mandatory) - Graph API - Datto Autotask or equivalent ticketing systems - Email security solutions - Endpoint Detection & Response (EDR) platforms - Identity and authentication platforms - Cloud security technologies - Strong experience creating: - Detection rules - Analytics rules - KQL queries - Detection tuning and fine-tuning - Experience with: - SOC workflow design - SOC automation - SOAR engineering - API integrations - Workflow orchestration - Understanding of: - MITRE ATT&CK - Threat detection methodologies - Threat hunting methodologies - AI-driven attack techniques - AI use cases in SOC operations - Preferred experience with: - PowerShell - Python - REST APIs - Logic Apps - KQL (Mandatory) Preferred Certifications - Microsoft SC-200 - Microsoft SC-401 - Microsoft AZ-500 - Microsoft SC-900 - Microsoft SC-100 - CISSP - Security Automation / SOAR Automation / SOAR Certifications Soft Skills & Work Style - Strong verbal and written communication skills with the ability to work effectively across technical and non-technical teams - Excellent collaboration and stakeholder coordination skills across SOC Operations, Engineering, Consulting, Vendors, and Leadership teams - Strong documentation and technical writing capabilities for investigations, workflows, SOPs, and operational procedures - Ability to work independently in a remote-first, multicultural, and fast-paced MSSP environment - Self-driven, proactive, and highly organized with strong ownership and accountability - Strong analytical, troubleshooting, and problem-solving skills - Comfortable managing multiple projects, priorities, and operational initiatives simultaneously - Team-oriented mindset with the ability to operate effectively as an individual contributor - Professional communication and coordination skills for working with US-based teams and vendors - Adaptable and flexible to evolving operational and business requirements Working Model - Rotational Shift (US Business Hours or After Hours) - Remote-first operational model - Participation in on-call escalation rotation for critical incidents when required What Success Looks Like - High-quality incident investigations and response handling - Improved detection fidelity and reduced false positives - Increased SOC automation coverage and operational efficiency - Faster containment and response coordination - Consistent and high-quality incident response across customer environments - Strong collaboration across SOC, Engineering, and Customer teams - Continuous improvement of detection, automation, and DFIR capabilities

View details: L3 SOC Analyst / Incident Response Analyst

USA Timezones

Apply

Security Operations Engineer II

StubHub

StubHub is a web and mobile platform that enables fans around the world to buy and sell tickets for live events. Its global ticket marketplace includes over 10

Security Operations16 hours ago

Full Time Hybrid Senior

Company Site

Title: Security Operations Engineer II Location: New York, New York, United States Job Description: StubHub is on a mission to redefine the live event experience on a global scale. Whether someone is looking to attend their first event or their hundredth, we’re here to delight them all the way from the moment they start looking for a ticket until they step through the gate. The same goes for our sellers. From fans selling a single ticket to the promoters of a worldwide stadium tour, we want StubHub to be the safest, most convenient way to offer a ticket to the millions of fans who browse our platform around the world. The Security Operations team owns incident response, threat detection, SIEM engineering, log management, and third-party security risk forming the frontline defense for StubHub's global operations. As a Security Operations Engineer you will bring deep hands-on experience in incident response and threat detection. You will help extend the existing tooling, automation, and detection infrastructure that enables the team to operate at scale. This is not a purely operational role; we are looking for an engineer who writes production-quality code to solve security problems, architects detection pipelines, and help mature StubHub’s SOC-less approach to Detection & Response. You will work closely with Cloud and Infrastructure Security, Identity Engineering, and cross-functional stakeholders. Your work will directly shape how StubHub detects, responds to, and learns from threats. Location: Hybrid (3 days in office/2 days remote) – New York, NY or Century City, CA What You'll Do: What You've Done: - Incident Response - Lead and coordinate security incident response end-to-end: detection, triage, containment, eradication, recovery, and post-incident review - Develop and maintain incident response playbooks - Drive root cause analysis and translate findings into durable improvements to detection and prevention capabilities - Act as an escalation point for complex or high-severity incidents across the organization - Threat Detection - Design, build, and tune detection rules, event correlation logic, and behavioral analytics across cloud, endpoint, network, and application data sources - Assist in maintaining a threat model for StubHub's environment and mapping detection coverage to the MITRE ATT&CK framework - Proactively hunt for threats and indicators of compromise across the environment - Collaborate with red team and pen test partners to validate detection coverage and identify gaps - SIEM & Log Engineering - Continually improve SIEM capabilities including data ingestion pipelines, normalization, enrichment, and alerting workflows - Own log collection strategy: define what gets collected, at what fidelity, and for how long across cloud providers, SaaS applications, endpoints, and internal services - Write and maintain parsers, ETL pipelines, and data transformation logic to ensure high-quality signal in the SIEM - Own and operate security tooling where needed (SIEM, SOAR, EDR, etc.) - Security Automation & Tooling - Write internal software in Python, Go, or similar to automate detection, response, enrichment, and reporting workflows - Build integrations between security tools, internal APIs, and third-party services to accelerate analyst workflows and reduce mean time to respond - Develop dashboards, metrics, and reporting to communicate operational health and coverage to security leadership - Contribute to shared security infrastructure and internal libraries used across the security engineering organization - Third-Party Security - Support the third-party security program by evaluating vendor security posture, reviewing assessments, and triaging risk findings - Build or maintain tooling to automate third-party risk intake, tracking, and reporting - Collaborate with Legal, Procurement, and Engineering to ensure third-party risks are identified and remediated appropriately - 3+ years of experience in security engineering, security operations, or a related discipline - Demonstrated, hands-on experience leading incident response efforts, including complex, multi-system investigations - Strong threat detection engineering experience: writing detection rules, tuning alerts, building correlation logic, and reducing false positive rates at scale - Proficiency in at least one programming or scripting language (Python strongly preferred; Go, Ruby, or Bash also relevant) — you regularly write code to solve security problems, not just configure tools - Deep familiarity with SIEM platforms (e.g., Splunk, ELK, Chronicle, Panther, or similar) including query languages and datra data onboarding. - Experience with cloud environments (AWS, GCP, or Azure) and the associated log sources, threat models, and detection strategies - Strong understanding of attacker tactics, techniques, and procedures (TTPs); experience mapping detections to MITRE ATT&CK - Excellent written and verbal communication skills; able to convey technical risk clearly to non-technical stakeholders Preferred Experience: Experience operating in a SOC environment, either in-house or as part of an MSSP Familiarity with SOAR platforms and automation-driven response workflows Experience with threat intelligence platforms and operationalizing threat feeds into detection pipelines Prior involvement in third-party or vendor security risk programs Experience at high-growth technology companies or marketplaces where scale and velocity present unique security challenges Familiarity with data engineering concepts — streaming pipelines, schema design, log normalization — applied to security contexts Relevant certifications (GCIH, GCIA, GCFE, OSCP, or equivalent) are a plus, but not required What We Offer: - Accelerated Growth Environment: An environment designed for swift skill and knowledge enhancement, where you have the autonomy to lead experiments and tests on a massive scale. - Top Tier Compensation Package: Competitive base, equity, and upside that tracks with your impact. - Flexible Time Off: Enjoy unlimited Flex Time Off, giving you the flexibility to manage your schedule and take time to recharge as needed. - Comprehensive Benefits Package: Prioritize your well-being with a comprehensive benefits package, featuring 401k, and premium Health, Vision, and Dental Insurance options. The anticipated gross base pay range is below for this role. Actual compensation will vary depending on factors such as a candidate’s qualifications, skills, experience, and competencies. Base annual salary is one component of StubHub’s total compensation and competitive benefits package, which includes equity, 401(k), paid time off, paid parental leave, and comprehensive health benefits. Salary Range $165,000—$200,000 USD About Us StubHub is the world’s leading marketplace to buy and sell tickets to any live event, anywhere. Through StubHub in North America and viagogo, our international platform, we service customers in 195 countries in 33 languages and 49 available currencies. With more than 300 million tickets available annually on our platform to events around the world -- from sports to music, comedy to dance, festivals to theater -- StubHub offers the safest, most convenient way to buy or sell tickets to the most memorable live experiences. Come join our team for a front-row seat to the action. For California Residents: California Job Applicant Privacy Notice found here We are an equal opportunity employer and value diversity on our team. We do not discriminate on the basis of race, color, religion, sex, national origin, gender, sexual orientation, age, disability, veteran status, or any other legally protected status.

View details: Security Operations Engineer II

New York + 1 more

$165K - $200K / year

Apply

Security Operations Engineer II

StubHub

StubHub is a web and mobile platform that enables fans around the world to buy and sell tickets for live events. Its global ticket marketplace includes over 10

Security Operations17 hours ago

Full Time Hybrid Senior

Company Site

Lead incident response efforts, design threat detection mechanisms, enhance SIEM capabilities, and automate security workflows to improve organizational defenses against potential threats and vulnerabilities in a complex environment.

View details: Security Operations Engineer II

New York + 1 more

Apply

Senior Security Operations Engineer

AssemblyAI

API platform for State-of-the-Art AI models

Security Operations21 hours ago

Full Time Remote SeniorTeam 51-200H1B No Sponsor

Company Site LinkedIn

• Conduct threat modeling and security design reviews for new features • Perform secure code reviews and provide actionable feedback • Deploy and maintain security tooling across the development lifecycle • Partner with platform engineering on infrastructure and environment security • Contribute to incident response for security events • Drive vulnerability triage and prioritization across teams • Partner with sales and legal responding to customer and vendor questionnaires • Support compliance audit cycles by gathering evidence and documenting controls • Monitor and respond to alerts from endpoint, cloud, and application security tools • Maintain and improve security runbooks and process documentation

AWS Cloud Python Terraform

View details: Senior Security Operations Engineer

United States

$180K - $220K / year

Apply

Director, Security Operations – Infrastructure

Phreesia

Phreesia empowers patients to take an active role in their health and achieve better outcomes.

Security Operations5 days ago

Full Time Remote LeadTeam 1,001-5,000Since 2005H1B Sponsor

Company Site LinkedIn

• Own enterprise-wide security incident response —ensure the team can detect, triage, contain, eradicate, and recover from incidents across cloud, on-prem, SaaS, and endpoint environments with speed and precision. • Maintain and continuously improve the incident response plan, playbooks, escalation procedures, and communication templates, ensuring they are tested, current, and aligned to NIST CSF 2.0. • Serve as incident commander or executive sponsor for high-severity incidents; make real-time decisions on containment and remediation under pressure. • Coordinate threat response across US and India teams, ensuring consistent coverage, quality, and process regardless of geography. • Own the security and IT tooling portfolio across the company: endpoint management (MDM, EDR), identity infrastructure, SIEM/SOAR, network security, vulnerability scanning, email security, cloud security posture management, and related platforms. • Build and maintain operational metrics and dashboards that provide the CISO and leadership with clear visibility into incident trends, MTTD/MTTR, tool health, SLA performance, and infrastructure posture.

AWS Azure Cloud Google Cloud Platform Linux MacOS

View details: Director, Security Operations – Infrastructure

United States

$245K - $265K / year

Apply

Security Operations Administrator

MetroSys, Inc.

Security Operations6 days ago

Contract Remote SeniorTeam 11-50Since 2006H1B No Sponsor

Company Site LinkedIn

• Review and respond to security alerts and tickets generated from the client’s monitoring and security platforms • Investigate and triage alerts related to endpoint security, email threats, suspicious authentication attempts, and network security events • Perform incident response activities including documentation, remediation actions, and escalation handling • Validate email and phishing-related incidents using Mimecast and other workflows • Monitor endpoint alerts and investigate identity/authentication alerts from Microsoft environments • Support security investigations involving firewall alerts and authentication platforms

View details: Security Operations Administrator

California

Apply

SecOps Engineer

Upstart

Our mission is to enable effortless credit based on true risk.

Security Operations8 days ago

Full Time Remote SeniorTeam 1,001-5,000Since 2012H1B Sponsor

Company Site LinkedIn

• Work closely with system owners to ingest new log feeds for security monitoring • Enhance and maintain our Detection and Response platforms • Build in workflows with AI analysis to automatically investigate and triage issues • Be on the frontlines of Incident Response, actively investigating issues and protecting Upstart • Build common response workflows to expedite investigation and response using AI and SOAR Technology

Python

View details: SecOps Engineer

United States

$111.9K - $155K / year

Apply

VP, Managed Security Operations

Fortra

We Break the Attack Chain

Security Operations9 days ago

Full Time Remote Mid LevelTeam 1,001-5,000H1B No Sponsor

Company Site LinkedIn

Role Description Are you a seasoned VP of Security Operations who has built a world-class SOC organization for a fast-growing service provider? Fortra is seeking a visionary leader to elevate our global Security Operations function and strengthen the protection of our customers against an ever-evolving threat landscape. In this pivotal role, you will shape the future of our detection and response capabilities, drive operational excellence, and position Fortra as the industry leader in threat disruption. WHAT YOU'LL DO - Operational Leadership: - Lead our global 24x7 Managed Security Operations Centers, ensuring effective monitoring, threat detection, incident response, and remediation across networks, endpoints, email, and brand protection services. - Build and execute a strategy that strengthens detection capabilities, service performance, and customer experience. - Drive operational excellence through process improvement, automation, and optimized tooling. - Serve as an executive escalation point for critical security incidents and major customer issues. - Establish and nurture executive-level relationships with domain registrars, hosting providers, ISPs, cloud platforms, and major digital service providers to accelerate takedown response times. - Develop collaboration frameworks with threat intelligence vendors, anti-abuse networks, and takedown service providers to enhance evidence quality and streamline takedown workflows. - Partner closely with Product, Engineering, Sales, and Customer Success to evolve our services and support customer needs. - Recruit, mentor, and develop high-performing SOC leaders across a global footprint. - Ensure service readiness, resilience, and compliance with security frameworks. - Strategic Leadership: - Set and execute the long-term vision for Operations, ensuring alignment with business goals and growth objectives. - Foster a culture of engagement, inclusion, high performance, and continuous development. - Lead complex change initiatives, securing stakeholder buy-in and driving organizational adoption. - Champion a high-performance culture through clear standards, empowered accountability, and sustained focus on operational excellence and outcomes. - Drive business agility, reallocating resources as priorities evolve. - Apply strong business and financial acumen to influence decisions and drive long-term value. Qualifications - 15+ years of cybersecurity experience with 10+ years leading a large global Security Operations teams. - Proven ability to scale SOC operations and improve detection/response outcomes in a high-volume environment. - Previous success in leveraging external partnerships to establish expedited takedown channels and emergency escalation protocols for high-severity threats. - Deep connections with industry threat-mitigation groups (e.g. APWG, M3AAWG, etc.) to enable early access to emerging threat intelligence and coordinated takedown actions. - Strong communication skills with the ability to engage executives, customers, and technical teams. - Experience building high-performing global teams and operating in a 24x7 service model. Requirements - Compensation: 200,000 USD - 225,000 USD Benefits - Health, dental, and vision coverage as of hire. - Immediate enrollment in 401(k), HSA, and FSA plans. - Flexible PTO policy. - Tuition and personal enrichment reimbursement. - Option to enroll in ID Theft Protection Program.

View details: VP, Managed Security Operations

United States

$200K - $225K / year

Apply

Security Operations Engineer

DailyPay

Hard work pays off on the daily.

Security Operations9 days ago

Full Time Remote SeniorTeam 501-1,000Since 2015H1B No Sponsor

Company Site LinkedIn

• Monitor security alerts and triaging potential threats. • Review and analyze reported suspicious emails. • Perform header analysis, URL sandboxing, and attachment detonation to identify malicious intent. • Monitor DLP consoles for unauthorized movement of sensitive data. • Investigate incidents involving PII or intellectual property. • Investigate potential Account Takeover (ATO) alerts. • Monitor the SIEM for alerts across endpoints, networks, and cloud environments. • Assist in routine scans and ensure security agents are healthy and reporting correctly across the fleet.

Cloud Cyber Security DNS Linux MacOS TCP/IP

View details: Security Operations Engineer

United States

$112K - $175K / year

Apply

Job Closed

220more opportunities are still waiting for you.Log in now and take your next shot before someone else does.

Top Stack For This Role + State

Cloud, AWS, Linux, Python, Azure, Google Cloud Platform

Eligibility Signals

Senior Engineer, Security Operations – Engineering at CollibraRemote listing with US location signal: United States.
L3 SOC Analyst / Incident Response Analyst at ProArchRemote listing with US location signal: USA Timezones.
Security Operations Engineer II at StubHubListing includes US location signal: New York, California.
Security Operations Engineer II at StubHubListing includes US location signal: New York, California.
Senior Security Operations Engineer at AssemblyAIRemote listing with US location signal: United States.
Director, Security Operations – Infrastructure at PhreesiaRemote listing with US location signal: United States.
Security Operations Administrator at MetroSys, Inc.Remote listing with US location signal: California.
SecOps Engineer at UpstartRemote listing with US location signal: United States.

Related Role + State Pages

All US Remote Jobs Security Operations Remote Jobs (US)US Remote Salary Guide Remote Interview Prep Remote Resume Tips US Remote Jobs by State (2026)US Remote Tech Stack Trends (2026)US Remote Job Market Weekly Snapshot Security Operations Jobs in Texas Security Operations Jobs in New York Security Operations Jobs in Florida Security Operations Jobs in Washington