Life at UiPath
The people at UiPath believe in the transformative power of automation to change how the world works. We’re committed to creating category-leading enterprise software that unleashes that power.
To make that happen, we need people who are curious, self-propelled, generous, and genuine. People who love being part of a fast-moving, fast-thinking growth company. And people who care—about each other, about UiPath, and about our larger purpose.
Could that be you?
Your mission
As a Security Operations Engineer II, you are an experienced professional specializing in threat management and incident response. You handle the end-to-end process of investigating, containing, and remediating security incidents. You collaborate with Threat Intelligence and Detection Engineering teams to ensure that today's incidents become tomorrow's prevented attacks. With a builder's mindset, you automate tasks that shouldn't be done manually and develop playbooks for those that should.
What you'll do at UiPath
- Own incidents end-to-end - from real-time triage of SIEM, EDR, network, identity, and cloud telemetry, through containment and eradication across those domains, to written and verbal communication with technical and non-technical stakeholders.
- Conduct root cause analysis and close the loop with Product, Engineering, Technology, Corporate and Security teams so each incident produces durable detections, controls, or playbook updates that prevent recurrence.
- Conduct proactive threat hunting across enterprise, and cloud telemetry to identify and mitigate threats before they manifest as incidents.
- Develop and maintain incident response playbooks and runbooks, and exercise them through drills and tabletops that surface gaps in readiness.
- Manage, tune and contribute to detection and response tooling stack (SIEM, EDR, SOAR, case management), contributing to roadmap and configuration standards. Provide technical guidance and mentorship to junior IR analysts and adjacent security teams.
- Automate routine SecOps tasks with a DevOps/IaC mindset and integrate security tooling via APIs, including SOAR playbooks and supporting services.
What you'll bring to the team
- Strong working knowledge of incident response frameworks (NIST 800-61, SANS PICERL) and a deep understanding of modern attacker TTPs, malware behavior, and MITRE ATT&CK.
- Solid understanding of operating system internals (Windows, Linux, macOS), networking protocols, identity systems, and at least one major cloud platform (AWS, Azure, or GCP) with preference for Azure
- Foundational understanding of malware analysis and digital forensics methodology. Analytical depth - performs complex analysis of network, host, identity, and cloud logs and reaches sound conclusions under time pressure.
- Sound judgment under pressure - exercises discretion in selecting methods and tooling, knows when to escalate, and brings critical thinking and problem-solving to ambiguous situations.
- Effective use of coding agents (Claude Code, Copilot, Cursor) and LLM-based tools to accelerate detection development, investigation, and reporting - applying sound judgment around code validation, sensitive data handling, hallucination risk, and chain of custody, and able to advise on safe enterprise AI adoption.
Qualifications
- Minimum 3 years of experience in Security Operations roles (SOC analyst, incident responder, detection engineer, threat hunter, or equivalent).
- Demonstrated ownership of incidents end-to-end, including containment decisions and stakeholder communication.
- Hands-on experience with at least one major SIEM (Sentinel, Splunk, Chronicle, Elastic) and at least one EDR (Defender XDR, CrowdStrike, SentinelOne).
- Working scripting ability in one of the following: Python, PowerShell, Bash, or Node;
- Working ability to author and tune KQL queries or similar languages for Analytics and Hunting rules. Practical experience using coding agents and/or LLM tooling in a professional workflow.
Maybe you don’t tick all the boxes above—but still think you’d be great for the job? Go ahead, apply anyway. Please. Because we know that experience comes in all shapes and sizes—and passion can’t be learned.
Many of our roles allow for flexibility in when and where work gets done. Depending on the needs of the business and the role, the number of hybrid, office-based, and remote workers will vary from team to team. Applications are assessed on a rolling basis and there is no fixed deadline for this requisition. The application window may change depending on the volume of applications received or may close immediately if a qualified candidate is selected.
We value a range of diverse backgrounds, experiences and ideas. We pride ourselves on our diversity and inclusive workplace that provides equal opportunities to all persons regardless of age, race, color, religion, sex, sexual orientation, gender identity, and expression, national origin, disability, neurodiversity, military and/or veteran status, or any other protected classes. Additionally, UiPath provides reasonable accommodations for candidates on request and respects applicants' privacy rights. To review these and other legal disclosures, visit our privacy policy.