cybersecurity engineer senior, threat detection and response

Now Brewing – cybersecurity engineer senior, threat detection and response! #tobeapartner From the beginning, Starbucks set out to be a different kind of company. One that not only celebrated coffee and the rich tradition, but that also brought a feeling of connection. We are known for developing extraordinary leaders who share this passion and are guided by their service to others. This role contributes to Starbucks’ success by operating within the Security Operations Center (SOC) to detect, investigate, and respond to cybersecurity threats across the enterprise. You will leverage SIEM and SOAR platforms to perform advanced log analysis, validate alert fidelity, and continuously assess the operational health and coverage of Starbucks’ security tooling. You will design, build, and tune detections within the SIEM, translating real world adversary behaviors and MITRE ATT&CK aligned TTPs into high confidence, actionable alerts. This includes authoring and maintaining detection logic (e.g., KQL, SPL, or equivalent), reducing false positives and closing visibility gaps. The role also focuses on maturing automation through SOAR by developing playbooks that standardize and accelerate investigation, enrichment, containment, and response workflows. You will integrate SOAR with security and IT platforms to automate repeatable actions. The ideal candidate demonstrates strong analytical problem solving skills, clear technical communication, and deep expertise in modern attack techniques, logging architectures, and SOC operations. A proven, hands on track record of advancing detection engineering, SIEM/SOAR effectiveness, and incident response capabilities in highly targeted, large scale environments is essential. Success in this role is defined by measurable contributions to a world class SOC and cybersecurity program that proactively detects threats, rapidly contains incidents, and drives consistent, effective resolution across all cybersecurity events. As a cybersecurity engineer senior, threat detection and response, you will... * Identify, evaluate, and appropriately address alerts and incidents * Develops detections based on the MITRE ATT&CK Framework * Proactively identifies emerging threats and conducts threat hunting for undetected activity within the environment * Assess alerts to establish their legitimacy, and urgency * Adhere to SOC playbooks and standard operating procedures (SOPs) to promote consistency in triage and decision-making. * Conduct a thorough review and audit of existing logging systems to identify any gaps in detection capabilities. * Reviews threat intel reports and feeds, makes recommendations for profile or toolset changes based on reviews * Performs in-depth investigations on Windows, Linux, and MacOS hosts * Create stories to enhance the SOAR environment for engineers * Enhance SOC processes with feedback and operational insights * Serves as both a mentor and an escalation point for SOC engineers * Tune security tool configuration to minimize false positives * Work closely with security leaders, engineers, and compliance teams to implement effective security plans * Serve as a subject matter expert for security tools, applications, and processes We’d love to hear from people with... * 5+ years of experience working in an information technology discipline * 4+ years of security operations experience * 2+ years of detection engineering experience * 2+ years of Threat hunting experience * Deep technical understanding of modern Cybersecurity threats * Understanding of the MITRE ATT&CK framework and the ability to create detections based on analysis of attacker tools & techniques using this framework * Proficient in programming with at least one modern language such as Python, Powershell, C#, Ruby, or Java * Experience with the following technologies: SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, Container Security * Basic understanding of compliance and regulatory requirements such as SOX and PCI. * Ability to balance multiple priorities and meet deadlines * Excellent problem-solving abilities * Passionate about cybersecurity and self-driven to become an expert Preferred Qualifications * Demonstrated expertise in at least two technologies, such as SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, or Container Security. * Skilled in at least two focus areas, including Phishing, Data Loss Prevention (DLP), Compliance, Networking, Digital Forensics, Big Data, Threat Intelligence, Operating Systems, or Reverse Engineering. * Actively supports the cybersecurity community by teaching or contributing code. * Holds certifications like CISSP, SSCP, GCIH, or other credentials emphasizing cybersecurity. As a Starbucks partner, you (and your family) will have access to medical, dental, vision, basic and supplemental life insurance, and other voluntary insurance benefits. Partners have access to short-term and long-term disability, paid parental leave, family expansion reimbursement, paid vacation from date of hire*, sick time (accrued at 1 hour for every 25 hours worked), eight paid holidays, and two personal days per year. Starbucks also offers eligible partners participation in a 401(k) retirement plan with employer match, a discounted company stock program (S.I.P.), Starbucks equity program (Bean Stock), incentivized emergency savings, and financial well-being tools. Additionally, Starbucks offers 100% upfront tuition coverage for a first-time bachelor’s degree through Arizona State University’s online program via the Starbucks College Achievement Plan, student loan management resources, and access to other educational opportunities. You will also have access to backup care and DACA reimbursement. Starbucks will comply with any applicable state and local laws regarding employee leave benefits, including, but not limited to providing time off pursuant to the Colorado Healthy Families and Workplaces Act, and in accordance with its plans and policies. This list is subject to change depending on collective bargaining in locations where partners have a certified bargaining representative. For additional information regarding partner perks and more detailed information about benefits, go to starbucksbenefits.com. *If you are working in CA, CO, IL, LA, ME, MA, NE, ND or RI, you will accrue vacation up to a maximum of 120 hours (190 in CA) for roles below director and 200 hours (316 in CA) for roles at director or above. For roles in other states, you will be granted vacation time starting at 120 hours annually for roles below director and 200 hours annually for roles director and above. The actual base pay offered to the successful candidate will be based on multiple factors, including but not limited to job-related knowledge/skills, experience, geographical location, and internal equity. At Starbucks, it is not typical for an individual to be hired at the high end of the range for their role, and compensation decisions are dependent upon the facts and circumstances of each position and candidate. Join us and inspire with every cup. Apply today! Starbucks Coffee Company is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, or protected veteran status, or any other characteristic protected by law. Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal, state and local ordinances. Starbucks Coffee Company is committed to offering reasonable accommodations to job applicants with disabilities. If you need assistance or an accommodation due to a disability, please contact us at applicantaccommodation@starbucks.com or 1(888) 611-2258.

Back to blog

Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question poses: When do you focus and start working seriously? What are the hours you work optimally? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities has been to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...