Serve as the Americas escalation interface, coordinating decisions with Singapore HQ, Legal, and business teams during major incidents. • Personally write SIEM detection rules (Wazuh, Splunk ...
Personally write SIEM detection rules (Wazuh, Splunk, Elastic SIEM, or equivalent) covering typical GPU cloud attack scenarios: anomalous GPU utilization/cryptojacking, anomalous SSH logins ...
Security Analyst / ISSO
Chevy Chase, MD · On-site
Assess all 110 NIST SP 800-171 practices for implementation and effectiveness; map existing controls (Wazuh, ThreatDown, Tenable, ManageEngine, AD GPOs, SnipeIT) to CMMC requirements, identify gaps ...
Senior Platform Engineer - Security
New York, NY · On-site
$165K - $205K/yr
Background with SIEM, EDR, or log aggregation tools (Elastic, Splunk, Wazuh, Falco), secrets management (Vault), and disk encryption (LUKS/dm-crypt). Annual Compensation Range: $165,000 - $205,000 ...
Senior Platform Engineer - Security
Bradenton, FL · On-site
$165K - $205K/yr
Background with SIEM, EDR, or log aggregation tools (Elastic, Splunk, Wazuh, Falco), secrets management (Vault), and disk encryption (LUKS/dm-crypt). Annual Compensation Range: $165,000 - $205,000 ...
Infrastructure Engineer
Bentonville, AR · On-site
$94K - $123K/yr
Using monitoring and analysis tools such as Datadog and Wazuh IDS to collect and analyze system performance metrics for capacity planning, proactive response, and troubleshooting. * The application ...
Information System Security Officer (ISSO) with Security Clearance
Fall River, MA · On-site
$90K - $150K/yr
Proficiency with SIEM tools (Wazuh, Splunk, SolarWinds Security Event Manager) * Experience with Cybersecurity tools (Tenable Security Center, Trellix ePO, Tanium, WSUS, RedHat Satellite) * Ability ...
Infrastructure Engineer
Tulsa, OK · Hybrid
$98K - $128K/yr
Using monitoring and analysis tools such as Datadog and Wazuh IDS to collect and analyze system performance metrics for capacity planning, proactive response, and troubleshooting. * The application ...
Experience with vulnerability scanners (Wazuh) * Understanding of JSIG/DCSA requirements Benefits & Perks As an Employee First company, we offer a comprehensive and competitive total rewards package ...
Security Engineer
Oakland, CA · On-site
You have experience with security tools like vulnerability scanners (Nessus/Trivy), HIDS/NIDS (Wazuh/Zeek), and SIEM/SOAR platforms (Splunk/ELK/Datadog). * You understand the vulnerability lifecycle ...
Full Stack Engineer
AZ · On-site +1
Prometheus, Tempo, or Wazuh SIEM * Published technical writing, talks, or open-source maintainership How you work * You debug by reading code and logs, not by guessing * You verify your changes work ...
Full-time
Posted 24 days ago
Job description
Bitdeer is a world-leading technology company for AI and Bitcoin mining infrastructure. It is seeking an AI Cloud Security Operations Lead for the Americas to oversee the security operations of its AI Data Centers (AIDCs), ensuring robust incident response and security measures are in place across multiple locations.
Responsibilities:
• Serve as the primary on-call security lead for the Americas region. Own 7×24 alert triage, incident response, and root cause analysis for AIDCs in CA, TN, WA, and beyond. Act as the primary security decision-maker during Americas business hours (PST 09:00–18:00) when Singapore HQ is offline.
• Personally drive the response to high-severity incidents (P0/P1) including GPU cluster cryptojacking, ransomware, data exfiltration, and tenant escape scenarios. Lead the full forensics, containment, and recovery cycle.
• Build and maintain Americas regional incident response playbooks and runbooks. Collaborate with the global SecOps team on SIEM detection rules, SOAR automation, and IR tabletop exercises.
• Lead customer security incident response: handle customer tickets, engage customer security teams, and coordinate with Sales and Customer Success on external communications. Serve as the Americas escalation interface, coordinating decisions with Singapore HQ, Legal, and business teams during major incidents.
• Personally write SIEM detection rules (Wazuh, Splunk, Elastic SIEM, or equivalent) covering typical GPU cloud attack scenarios: anomalous GPU utilization/cryptojacking, anomalous SSH logins, container escape, Kubernetes API abuse, and InfiniBand network anomalies.
• Design detection coverage assessments based on the MITRE ATT&CK Cloud Matrix and Container Matrix. Proactively identify and close visibility blind spots.
• Lead hypothesis-driven threat hunting activities. Conduct at least two structured hunting campaigns per month, producing comprehensive hunting reports and new detection rules.
• Design runtime detection capabilities using eBPF tools (Tetragon, Falco, Cilium) to complement traditional HIDS detection blind spots.
• Operationalize detection-as-code practices in the Americas region, including version-controlled detection rules, CI/CD pipelines, unit testing, and coverage metrics.
• Lead pre-production security readiness assessments for all Americas AIDCs. This covers perimeter networks, OOB management networks, BMC/IPMI hardening, KVM/QEMU virtualization baselines, GPU isolation validation (MIG/vGPU/Time-Slicing), and InfiniBand SM-key/M-key/P-key configuration reviews.
• Personally drive host hardening initiatives, including Linux baselines (CIS Benchmarks), auditd configuration, SSH hardening, privileged account management, and firmware/microcode CVE tracking.
• Partner with the Platform Engineering team to deploy eBPF-based runtime security monitoring (Tetragon/Falco) to cover container escape and anomalous syscall detection.
• Track CVEs for NVIDIA GPU drivers, CUDA, NCCL, UFM, BMC firmware, and other critical components. Lead the Americas regional vulnerability response and patch window negotiations.
• Lead Americas regional IAM and privileged access management by deploying jump host solutions (Teleport / Boundary), JIT access, and privileged session recording/auditing.
• Lead the configuration and operations of perimeter firewalls, IPS, and WAF for all three Americas AIDCs.
• Engage DDoS scrubbing services (Cloudflare Magic Transit, Arbor, or equivalent) and build robust Americas regional DDoS response plans.
• Establish east-west traffic baselines based on NetFlow / IPFIX to identify anomalous traffic patterns (data exfiltration, C2 communication, lateral movement).
• Configure BGP RPKI, source address validation (uRPF), and other network-layer security controls.
• Plan and deploy traffic analysis solutions (e.g., Panabit NTM) at Americas AIDCs to enable full traffic traceability at physical boundaries.
• Serve as the security incident response interface for Americas customers. Respond to customer-submitted security tickets, abuse complaints (cryptomining, unauthorized scanning, illegal content), and incident notifications.
• Handle US law enforcement requests (FBI, DEA, Secret Service, local police) including subpoenas, search warrants, and preservation orders. Collaborate closely with Legal to respond within statutory windows.
• Establish Americas regional customer security incident SLA tracking and post-incident review mechanisms.
• Establish seamless security collaboration mechanisms between the Americas and Singapore HQ via daily handoffs, weekly syncs, incident bridges, and on-call escalation paths.
• Serve as the Americas regional compliance support interface. Partner with the Singapore GRC Manager to provide the evidence collection and control implementation needed for SOC 2 US scope expansion.
• Represent Bitdeer AI Cloud Security within local US security communities and industry events (BSides, DEF CON, Cloud Security Alliance US).
Qualifications:
Required:
• Bachelor's degree or higher in Computer Science, Cybersecurity, Computer Engineering, or a related technical field.
• 10+ years of hands-on information security experience, with at least 5 years strictly focused on cloud infrastructure / IaaS / data center security technical operations roles (not pure management or documentation roles).
• Deep incident response experience as an Incident Commander, having successfully led at least 5 P0/P1 security incidents end-to-end. Thoroughly familiar with the NIST SP 800-61 IR process.
• Deep expertise in Linux system security, network protocols, TCP/IP, virtualization (KVM/QEMU), and container/Kubernetes security.
• Hands-on experience with at least one mainstream SIEM platform (Wazuh / Splunk / Elastic SIEM / Sentinel) and the ability to independently write detection rules. Familiarity with the SIGMA rule format is required.
• Familiar with the MITRE ATT&CK Framework (Cloud Matrix and Container Matrix) with a proven ability to design detection coverage assessments.
• Strong scripting and programming skills: Python (Required) + Shell (Required); Go or Rust are highly preferred. Ability to independently develop security tools and automation scripts.
• Familiarity with the eBPF technology stack (Tetragon / Falco / Cilium) and a strong understanding of its application in cloud-native runtime security.
• Familiarity with at least one IaC tool (Terraform / Ansible) and standard Git workflows to codify security configurations.
• At least one of the following industry certifications is required: GCIH, GCIA, GCFA, OSCP, CISSP, CCSP.
• Professional fluency in both English and Mandarin Chinese is required. Must be able to communicate effectively in English with US customers, MSSPs, law enforcement, and auditors, and in Mandarin with the Singapore HQ team and management for complex technical discussions and strategic reporting.
• Willingness to accept irregular working hours. Must participate in a 7×24 on-call rotation during major incidents and conduct daily cross-time-zone coordination with Singapore HQ (SGT).
Company:
Bitdeer is a world-leading technology company for AI and Bitcoin mining infrastructure. Founded in 2018, the company is headquartered in Singapore, SGP, with a team of 201-500 employees. The company is currently at the Growth Stage.