Principal Security Operations and Enablement Engineer

Cybercrime is growing, and more businesses are getting hit by threats that used to target only the biggest organizations. That pushes defenders like us to operate at the highest level, and it deepens our need for good people who want to make a meaningful impact.

Founded in 2015 by former NSA cyber operators, Huntress is a remote-first team working to make enterprise-grade cybersecurity accessible to businesses of all sizes. We work closely with security teams and service providers protecting complex environments, often without the time or headcount to handle it all. That’s why we build our technology in-house and back it with a 24/7 human-led Security Operations Center (SOC). As a result, our platform is never disconnected from the experts who manage it, ensuring our customers' protection.

Huntress now secures more than 5M endpoints and 11M identities worldwide. Those numbers keep growing because more businesses rely on us to help carry the load and operate with more confidence. Every day, you can see that commitment in how we stand with our customers and how we show up for each other.

Security Operations and Enablement Engineering is the layer between what the security organization needs and what the core platform provides. As a SO&E Engineer, you will close that gap by taking requirements surfaced by Operations and building the workflows, automations, and tooling that make detection and response faster, more consistent, and more scalable. This is not a role that waits for tickets. You will be in the room where operational problems get diagnosed, then own the technical execution that solves them.

The work is varied by design. On any given week that might mean building a dashboard that gives leadership real operational visibility, automating a manual process that is costing analysts time, or translating a fuzzy operational complaint into a scoped, buildable requirement. AI and agentic workflows are part of the toolkit here, but the through line is pragmatic problem solving: find what is slowing the security organization down and build something that fixes it.

• →Own and evolve the SO&E technical strategy, including how the function identifies, prioritizes, and delivers against operational gaps that the core platform does not address
• →Serve as the primary technical translator for requirements surfaced by SOC and Support Operations Managers, turning operational pain points into scoped, buildable solutions against a prioritized backlog
• →Partner with the Director to translate Product and operational priorities into scoped technical requirements, ensuring SO&E delivery is sequenced against the gaps that matter most to the business
• →Translate operational requirements into precise technical solutions including workflow automations, API integrations, internal tooling, and custom dashboards — and establish the standards others build to as the function scales
• →Build and maintain reporting and dashboard infrastructure that gives operators and leadership meaningful visibility into security performance and workflow health
• →Identify and drive toil reduction across SOC and Support workflows through automation, tooling improvements, and smarter use of existing capabilities including AI where appropriate
• →Evaluate new platforms and technologies against backlog needs, with a bias toward solutions that keep the team tool-agnostic and avoid unnecessary dependency
• →Establish and document technical standards across the build lifecycle that support long-term scalability and create a foundation for the function to grow on

• 5+ years building workflow automations, internal tooling, or operational infrastructure in a technical environment, ideally within security or a similarly complex domain
• Demonstrated ability to operate across organizational functions — translating operational pain from non-technical stakeholders into precise, scoped technical requirements without significant back-and-forth
• Proficiency in Python or similar scripting languages, with the ability to write clean, maintainable code that establishes patterns others can build on
• Experience building and maintaining API integrations to connect tools and systems that don't talk to each other out of the box
• Familiarity with security operations tooling including SIEMs, ticketing systems, and alerting platforms, sufficient to understand how analysts work and where automation creates real leverage
• Experience building dashboards and reporting tooling sufficient to create meaningful operational visibility without relying on a dedicated BI team
• Comfort operating in an ambiguous, fast-moving environment where the function is still being defined — able to set technical direction without a fully established playbook