Aurora’s mission is to deliver the benefits of self-driving technology safely, quickly, and broadly. The Aurora Driver will create a new era in mobility and logistics, one that will bring a safer, more efficient, and more accessible future to everyone. At Aurora, you will tackle massively complex problems alongside other passionate, intelligent individuals, growing as an expert while expanding your knowledge. This is not a software engineering role. It's a role for an elite security operator — someone with the instincts of a seasoned SOC analyst and the technical depth to own the platforms that power detection, response, and protection at enterprise scale. If you find deep satisfaction in mastering a tool, closing a coverage gap, or hunting down a threat that nobody else noticed, this role was written for you.
Job Responsibilities
Own the operational health, configuration, and continuous improvement of Aurora's enterprise security platform stack
Develop and refine detection rules, correlation logic, and alert policies, reducing noise while ensuring Aurora maintains high-fidelity coverage against real threats
Conduct proactive threat hunting across Aurora's security telemetry
Serve as the deepest internal expert on Aurora's enterprise security tooling, acting as the escalation point for complex platform issues
Participate in the team's on-call rotation, leading deep-dive investigations into security alerts and incidents
Continuously audit and validate that existing security controls are configured to actually do what they're supposed to do
Maintain operational runbooks, detection documentation, and platform configuration records
Requirements
12+ years of hands-on experience in enterprise security operations, security platform administration, or a senior SOC engineering role
Expert-level proficiency administering and operating at least two enterprise security platforms (e.g., CrowdStrike, SentinelOne, Splunk, Panther, Sentinel, Jamf, Kandji/Iru, Puppet, WorkspaceONE, Intune, Zscaler, Okta, Proofpoint, Wiz, osquery), with strong working knowledge across several others
Demonstrated ability to tune and optimize security platforms beyond out-of-the-box configurations
Strong log analysis and threat hunting skills
Experience conducting thorough incident investigations — triage, containment, root cause analysis, and post-incident review
Ability to assess security control effectiveness
Comfort working under pressure in ambiguous, fast-moving situations with competing priorities
Nice to have
Scripting ability for automation, log parsing, or workflow improvement (Python, Bash, or similar)
Deep familiarity with MITRE ATT&CK as an operational tool for detection gap analysis and threat hunting hypothesis development
Experience with AWS security telemetry (CloudTrail, GuardDuty, Security Hub) and integrating cloud signals into a corporate SIEM
Familiarity with Zero Trust and identity-centric security models as they apply to policy enforcement in IAM and endpoint platforms
Platform-specific certifications such as CrowdStrike Certified Falcon Administrator, Splunk Core Certified Power User, or equivalent — or practitioner certifications like GCIH, GCIA, GCFE, or GCFA