Ever since we started in 2007, Sunrun has been at the forefront of connecting people to the cleanest energy on Earth. It’s why we’ve become the #1 home solar and battery company in America. Today, we’re on a mission to change the way the world interacts with energy, and we’re building a company and brand that puts power at the center of life. And we’re doing it by designing a dynamic culture where employee development, well-being, and safety come first. We’re unlike any other solar company. Our vertically integrated model gives us total control over every part of the energy lifecycle – from sale through installation and beyond – so you can find endless opportunities for growth. Come join a career you can grow in and a culture you can run with.
This position is primarily remote, with occasional visits to a local office or our corporate headquarters for team-building, training, and collaborative project work. These on-site sessions are designed to strengthen connections, share insights, and ensure a seamless experience for our team and customers. Equipment pick-up from a local branch will be required. We will provide advance notice whenever on-site attendance is required, making these times purposeful and rewarding.
We are seeking a highly motivated and experienced Staff Security Operations Center (SOC) Engineer to join our dynamic security team. This critical role is responsible for leading a team of SOC analysts, overseeing the daily operations of our security monitoring and incident response functions, and ensuring the continuous improvement of our security posture. The ideal candidate will possess strong technical expertise, leadership skills, and a passion for defending against cyber threats.
Key Responsibilities
Team Leadership & Mentorship:
Incident Response & Management:
Act as a primary escalation point for complex security incidents, ensuring timely and effective resolution.
Oversee the entire incident response lifecycle, from detection and analysis to containment, eradication, recovery, and post-incident review.
Develop, refine, and enforce incident response playbooks and standard operating procedures (SOPs).
Drive post-incident analysis (lessons learned) to identify root causes and implement preventative measures.
Security Monitoring & Alerting:
Oversee the monitoring of security events and alerts from various security tools (SIEM, EDR, IDS/IPS, WAF, DLP, etc.).
Optimize and tune security monitoring tools to reduce false positives and improve alert fidelity.
Develop and implement new detection rules, use cases, and threat hunting methodologies.
Threat Intelligence & Hunting:
Lead proactive threat hunting exercises to identify advanced persistent threats (APTs), zero-day exploits, and other sophisticated attacks not caught by automated tools.
Integrate and operationalize threat intelligence to enhance detection capabilities.
Stay current with the latest cybersecurity threats, vulnerabilities, and attack techniques.
Operational Excellence & Reporting:
Develop and maintain SOC metrics, dashboards, and regular reports on security incidents, trends, and team performance for management.
Ensure adherence to internal policies, industry best practices, and regulatory compliance requirements (e.g., ISO 27001, NIST, SOC 2, GDPR, HIPAA).
Identify and implement opportunities for automation to streamline SOC operations and improve efficiency.
Manage and optimize SOC tools and technologies.
Collaboration & Communication:
Collaborate effectively with cross-functional teams, including IT operations, engineering, legal, and compliance.
Communicate complex security concepts and incident details clearly and concisely to technical and non-technical stakeholders.
Qualifications
Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
5+ years of experience in security operations, with at least 2+ years in a leadership or senior analyst role within a SOC.
Demonstrated experience managing security operations and incident response.
Proven experience with SIEM platforms (e.g., Splunk, Exabeam, Sentinel, QRadar, Elastic SIEM), including alert creation, dashboarding, and log analysis.
Strong understanding of incident response methodologies (e.g., NIST, SANS).
Solid knowledge of networking protocols, operating systems (Windows, Linux), cloud environments (AWS, Azure, GCP), and common attack vectors.
Experience with EDR/XDR solutions (e.g., CrowdStrike, SentinelOne, Microsoft Defender ATP).
Familiarity with threat intelligence platforms and frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain).
Scripting proficiency (e.g., Python, PowerShell) for automation and data analysis is highly desirable.
Excellent analytical, problem-solving, and decision-making skills.
Exceptional communication (written and verbal), interpersonal, and presentation skills.
Ability to work effectively under pressure and manage multiple priorities in a fast-paced environment.
Preferred Qualifications
Recruiter:
Kristina Sedjo (kristina.sedjo@sunrun.com)
Please note that the compensation information is made in good faith for this position only. It assumes that the successful candidate will be located in markets within the United States that warrant the compensation. Please speak with your recruiter to learn more.
Starting salary/wage for this opportunity:
150,290.60 to 180,348.72
Compensation decisions will not be based on a candidate's salary history. You can learn more here.
This job description outlines the primary responsibilities, some essential job functions, and qualifications for the role. It may not include all essential functions, tasks, or requirements. If you are a qualified individual with a disability and you need reasonable accommodation during the hiring process or to perform this role, please contact us at candidateaccommodations@sunrun.com.
Sunrun is proud to be an equal opportunity employer that does not tolerate discrimination or harassment of any kind. We believe that empowering people and valuing their differences are essential for our mission of connecting people to the cleanest energy on earth. Learn more here: EEO | Sunrun