Principal Engineer, Security Operations
Digital Turbine
Job Description
About the Role
Digital Turbine is seeking a Principal Engineer of Security Operations to drive the evolution of our global Security Operations Center (SOC). Full‑time role with bonus plan, equity plan, 401K and unlimited PTO. Please note that Digital Turbine is a hybrid work environment; only candidates local to the posting location will be considered.
Responsibilities
Serve as the primary technical authority for Digital Turbine’s SOC ecosystem and cloud threat detection strategy. Optimize and mature our relationship with a Managed Security Services Provider (MSSP), ensuring detection quality, response speed, and continuous tuning meet DT’s requirements. Lead and execute complex incident investigations, encompassing triage, analysis, containment, and remediation across GCP, AWS, and containerized workloads (Kubernetes, serverless, etc.).
Design and maintain advanced detection and automation use cases using SIEM, SOAR, and log management platforms, tailored to DT’s cloud environments. Operationalize and fine‑tune tools such as CrowdStrike, Orca Security, and related platforms to maximize visibility and protection coverage. Develop, test, and enhance incident response playbooks and threat‑hunting methodologies aligned with MITRE ATT&CK and industry best practices.
Plan, coordinate, and execute tabletop exercises, as well as business continuity (BC) and disaster recovery (DR) drills, to validate response readiness and cross‑team coordination. Define and track SOC performance metrics (e.g., MTTD, MTTR), producing clear and actionable insights for leadership and technical stakeholders. Collaborate with DevOps, application engineering, GRC, and legal teams to embed operational security practices that support compliance and business goals.
Contribute to vendor selection, tooling evaluation, and threat intelligence initiatives that strengthen DT’s overall security posture. Act as a mentor and thought leader for peers and cross‑functional partners on detection engineering, incident response, and cloud security best practices.
Qualifications
12+ years of cybersecurity experience with deep expertise in security operations, threat detection, or incident response within global enterprise or SaaS environments.
Significant hands‑on experience developing and managing SOC functions for GCP and AWS, including cloud logging, monitoring, and automation. Strong familiarity with MSSP models, understanding how to measure and improve service quality through engineering insight and data. Proficiency with SOC tooling such as CrowdStrike, Orca, SIEM/SOAR platforms, and related telemetry and automation tools.
Deep understanding of modern adversary tradecraft, cloud attack paths, and detection engineering frameworks. Experience supporting or interfacing with compliance programs such as SOC 2, ISO 27001, or SOX. Excellent analytical and communication skills, with the ability to present technical findings and risks to both engineers and executives.
Advanced security certifications such as CISSP, GCIH, GCFA, CISM, or CCFR are highly desirable. Google Cloud certifications (e.g., Professional Cloud Security Engineer, Professional Cloud Architect) preferred.
Equal Opportunity Employer
Digital Turbine is an equal opportunity employer committed to exemplifying diversity and inclusion around the world.
We welcome people of different backgrounds, experiences, abilities, and perspectives.