Cybersecurity Engineer Senior, CSOC – Global Scale Defense
This is a Remote (US) senior-level role within the Starbucks Cybersecurity Operations Center (CSOC). As a senior “partner” (employee) in this role, you are responsible for more than just monitoring; you are expected to mature defense capabilities at a massive, global scale. You will act as an escalation point and a detection architect, using data analytics and threat intelligence to protect Starbucks’ brand and digital ecosystem.
- Location: Remote (US) – Headquarters in Seattle, WA.
- Pay Range: $112,400 – $211,800 (Bonus Eligible).
- Experience Required: 5+ years in IT and 4+ years in Security Operations (SOC).
- Core Focus: Rapid triage, custom detection engineering, threat hunting, and cloud security.
- Tech Stack: SIEM, EDR, SOAR, WAF, and multi-OS forensics (Windows, Linux, macOS).
Key Responsibilities: Detection, Hunting, and Mentorship
The Senior Engineer focuses on high-level resolution and proactive defense rather than routine alert handling.
Detection Engineering & MITRE ATT&CK
You will create custom detections aligned with the MITRE ATT&CK Framework. This involves auditing logs to find detection gaps and tuning security tools to minimize false positives, ensuring the team stays focused on legitimate threats.
Threat Hunting & Analytics
Beyond responding to alerts, you will actively hunt for new threats that automated systems might miss. This requires performing data analytics on telemetry to surface “hidden” activity and reviewing threat intelligence feeds to recommend toolset changes.
Advanced Investigations & Forensics
You are responsible for in-depth investigations across Windows, Linux, and macOS hosts. When a critical incident occurs, you lead the triage effort to determine severity and urgency, ensuring rapid containment and resolution.
Automation & Process Improvement
You will “write stories” for automation engineers to improve the SOAR environment. By providing operational feedback, you help refine SOC playbooks and Standard Operating Procedures (SOPs) to ensure the entire team operates consistently.
Leadership & Mentorship
As a Senior Individual Contributor, you act as a mentor for junior SOC engineers and serve as a subject matter expert for security tools and compliance (SOX/PCI).
Required Technical Proficiency
Starbucks is looking for a self-driven expert with a deep understanding of attacker psychology and modern programming.
- Programming: Proficiency in at least one modern language (e.g., Python, PowerShell, C#, Rust, Go).
- Security Tools: Hands-on experience with SIEMs, WAFs, IDS/IPS, and Endpoint Detection (EDR).
- Forensics & OS: Deep knowledge of modern threats and the ability to investigate various operating systems.
- Cloud & Containers: Ability to assess current cloud security postures and propose architectural improvements.
- Compliance: Basic understanding of SOX and PCI regulatory requirements.
Preferred Qualifications
- Broad Domain Mastery: Proficiency in multiple pillars such as Forensics, Reverse Engineering, Big Data, or Threat Intel.
- Community Contribution: A track record of giving back to the security community through teaching or open-source code.
- Certifications: CISSP, GCIH, or SSCP are highly valued but not required.
Job Features
- Job Category: Data, IT & Cybersecurity