Sr. Information Security Detection Engineer – Pennymac

Remote
Posted 1 month ago

This is a Senior-level, Remote role at Pennymac (NYSE: PFSI), a leading financial services firm specializing in U.S. mortgage loans. This position is a high-impact engineering role within the Information Security department, focusing on building the “intelligence” of the Security Operations Center (SOC). You are responsible for designing the detection logic that finds advanced threats across a complex hybrid-cloud environment, while also acting as a technical leader during major security incidents.

  • Requisition ID: 36607
  • Salary Range: $90,000 – $150,000
  • Location: 100% Remote (United States)
  • Core Technology: AWS, Azure, GCP, Snowflake, Git, CI/CD, and Python.
  • Framework Focus: MITRE ATT&CK.

Key Responsibilities: Detection Lifecycle & Incident Response

This role is divided between proactive “defense engineering” and reactive “high-tier response.”

Detection Engineering Lifecycle

You will lead the end-to-end detection engineering process. This involves using Git and CI/CD pipelines to develop, test, and deploy high-quality detection rules (signatures and queries). You will map these detections to the MITRE ATT&CK Framework to ensure comprehensive coverage of adversary techniques like lateral movement and credential access. To stay ahead of novel threats, you will leverage AI/ML capabilities to identify anomalies that traditional rules might miss.

Incident Response & Triage (Tier-2)

You serve as the primary escalation point for the L1 SOC. When complex alerts are triggered, you perform deep-dive forensics across Windows, Linux, and Cloud environments to identify the root cause. During major security events, you lead the incident handling process, from containment to retrospective, ensuring that lessons learned are turned back into new detection rules.

Security Data Optimization

You will partner with Security Engineering to optimize data ingestion into your SIEM or Data Lake (Snowflake). This ensures that the logs you are querying are of high quality and that search performance remains fast enough for real-time detection. You will also develop Standard Operating Procedures (SOPs) and automated playbooks to streamline response actions for the entire IR team.

Required Qualifications and Skills

Pennymac is looking for a “Detection-as-Code” practitioner who understands the nuances of the mortgage industry’s regulatory landscape.

  • Experience: Extensive background in Security Operations (SOC) or Security Engineering.
  • Technical Breadth: Expert knowledge of Windows, Linux, macOS, and the big three cloud providers (AWS, Azure, GCP).
  • Scripting/Automation: 2+ years of experience in Python or other languages to automate response actions and tasking.
  • Security Frameworks: Mastery of the MITRE ATT&CK framework and a deep understanding of modern hacking techniques (exploitation, persistence, etc.).
  • Data Platforms: Experience with Snowflake or similar Data Lake technologies for large-scale security analytics.
  • Soft Skills: Strong leadership and mentorship abilities to guide junior incident responders.

Summary of Role Impact

As a specialty financial firm, Pennymac manages a massive volume of sensitive consumer data. In this role, your detection rules are the “first line of defense” that protects millions of American homeowners. By shifting detection to a version-controlled, automated model, you reduce the time it takes to identify an intruder from days to minutes. Your ability to bridge the gap between Threat Intelligence and SOC Operations ensures that Pennymac’s security posture is constantly evolving to meet the latest cyber threats.

Job Features

Job Category: IT & Cybersecurity
