Sr. Information Security Engineer

Requisition ID:  14011
Job Location(s): Broomfield, CO, US, 80021

Time in Office:  Hybrid

At Crocs, Inc., every career offers a chance to make a real impact. No two journeys look the same. And that's exactly how we like it. Whether you’re welcoming customers into our stores, collaborating with global teams at our headquarters, or keeping operations moving at our distribution centers, your impact is real and valued. At Crocs, Inc. you’re not expected to fit a mold. You’re encouraged to break it and create something better.

 

Overview

The Senior Information Security Engineer at Crocs, Inc. will be responsible for leading detection engineering efforts for our SIEM and partnering with our Managed Security Service Provider (MSSP). This role will also help drive AI Security and Data Security Posture Management (DSPM) capabilities by improving visibility, controls, and monitoring across cloud, SaaS, and on-prem environments. The position involves developing advanced detection and monitoring, tuning and optimizing SIEM rules, collaborating with the SOC team to enhance threat detection and incident response, and strengthening the security posture of sensitive data and AI-enabled applications.

What You'll Do

  • Lead the design, implementation, and maintenance of advanced detection and monitoring mechanisms within the SIEM and related security platforms.
  • Partner with application, data, and platform teams to implement AI Security controls for AI-enabled applications and services (e.g., secure design reviews, threat modeling, monitoring, and guardrails).
  • Lead DSPM initiatives, including sensitive data discovery, classification, exposure analysis, and remediation tracking across cloud, SaaS, and on-prem data stores.
  • Develop, tune, and optimize SIEM rules and use cases to improve the accuracy and effectiveness of threat detection.
  • Collaborate with the SOC team and MSSP to enhance threat detection and response capabilities.
  • Integrate security telemetry (logs, events, and signals) from endpoint, cloud, SaaS, identity, data, and application sources into the SIEM to ensure comprehensive visibility and monitoring.
  • Conduct regular assessments of detection coverage and security posture (including data exposure and AI-enabled application monitoring) to identify and remediate gaps in visibility, controls, or performance.
  • Analyze and interpret security logs, alerts, and data posture findings to identify potential threats, misconfigurations, sensitive data exposure, and AI abuse patterns.
  • Conduct attack simulations and purple-team exercises to validate and improve detections for endpoint, identity, cloud, data, and AI-related threats.
  • Review and apply threat intelligence to improve detections for emerging threats and vulnerabilities, including cloud, SaaS, data exfiltration, and AI/LLM-related attack techniques.
  • Develop and implement automation playbooks for SOAR to streamline and enhance incident response processes, including data exposure/exfiltration scenarios and AI-related alerts.
  • Provide guidance and mentorship to junior security engineers and SOC analysts on detection engineering and incident response best practices.
  • Manage ticket queues, handle escalations, and review operational metrics to ensure the effectiveness of detection and response efforts.
  • Maintain strong communication with partners, including senior management, to report on detection capabilities and security incidents.

What You'll Bring to the Table

  • Bachelor’s degree or equivalent experience in computer science, information security, or a related field preferred; certifications such as CISSP, GIAC, or similar are preferred.
  • 9+ years of experience in IT and information security roles, with a focus on detection engineering and SIEM management.
  • In-depth knowledge of SIEM platforms and experience with rule development and optimization.
  • Experience working with MSSPs and SOC teams to enhance detection and response capabilities.
  • Hands-on experience with DSPM and/or data security capabilities, such as data discovery and classification, exposure analysis, data access governance, and remediation workflows; familiarity with data governance and privacy principles and how they apply to sensitive data handling and AI use cases.
  • Experience with AI Security concepts and practices, including securing AI-enabled applications, understanding common AI/LLM risks (e.g., prompt injection, data leakage), and implementing monitoring/guardrails.
  • Solid understanding of log management, correlation, analysis, and security telemetry across endpoint, identity, cloud, SaaS, and data platforms.
  • Experience with integrating various log sources into SIEM platforms.
  • Knowledge of security frameworks and standards, including NIST, ISO/IEC 27001, and PCI-DSS.
  • Proficiency with security tools and technologies across endpoint, network, cloud, and data protection domains (e.g., EDR, IDS/IPS, firewalls, CASB/SSE, DLP).
  • Advanced knowledge of Windows and Linux operating systems and their security configurations.
  • Strong analytical and problem-solving skills with the ability to interpret complex security data.
  • Superb communication and collaboration skills, with the ability to simplify technical concepts for non-technical partners.

The Company is an Equal Opportunity Employer committed to a diverse and inclusive work environment. We accept applications on an ongoing basis.

 

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability, or any other classification protected by law.

 

Title: Sr. Information Security Engineer 

Salary or Pay Range: $150,000 - $160,000 

Pay offered will vary based on job-related factors such as location, experience, training, skills, and abilities.

 

At Crocs, Inc. we believe in the power of a blend of in-person and virtual collaboration to drive creativity and strengthen relationships. Your participation in this flexible schedule plays a key role in building a connected and successful team. In-office requirements vary by our work personas: Resident (5 days), Collaborator (4 days), Connector (2-3 days), Explorer (fully remote). This role has been aligned to the Collaborator persona.

 

This position is eligible to participate in a company incentive program. 

 

This position is eligible for company benefits including but not limited to medical, dental, and vision coverage, life and AD&D, short and long-term disability coverage, paid time off, employee assistance, participation in a 401k program that includes company match, and many other additional voluntary benefits. 

 

The application window is 45 days, but applicants are encouraged to apply as soon as possible after the posting date in order to ensure optimal consideration.  The posting will be removed if the job is filled before the application window deadline.

Job Category: Corporate 


Nearest Major Market: Denver