Senior Staff Engineer - Cybersecurity jobs in United States

Exelixis · 2 hours ago

Senior Staff Engineer - Cybersecurity

Exelixis is a rapidly growing company in the biotechnology sector, and they are seeking a Senior Staff Engineer to join their cybersecurity team. The role focuses on threat detection, incident response, and continuous monitoring to protect the organization’s critical assets.

Biotechnology, Health Care, Pharmaceutical
H1B Sponsor Likely

Responsibilities

Oversee the end-to-end threat management process, from initial detection and analysis to containment, eradication, and recovery. Ensure that all incidents are thoroughly investigated and documented, and that lessons learned are incorporated into future threat management strategies
Lead and coordinate incident response efforts with different groups, ensuring timely and effective resolution of cybersecurity incidents
Develop and maintain incident response plans and playbooks to guide the team during cybersecurity events
Regularly assess the effectiveness of detection mechanisms and make necessary adjustments to improve accuracy and coverage. This includes conducting regular threat hunting exercises to identify gaps and areas for improvement
Create and refine correlation rules within the SIEM to identify complex attack patterns and reduce false positives. This involves analyzing cybersecurity events and developing rules that accurately detect malicious activities
Incorporate threat intelligence feeds into the team’s detection capabilities to stay updated on the latest threats and attack techniques. Use this intelligence to enhance detection rules and response strategies
Utilize machine learning and behavioral analytics to identify anomalies and potential threats that traditional signature-based tools might miss. This includes analyzing user behaviors and network traffic to detect suspicious activities
Regularly review and fine-tune the configurations of current cybersecurity tools such as SIEM, EDR, and IDS/IPS to ensure they are effectively detecting and alerting on potential threats
Conduct and analyze phishing simulations to assess and improve the organization's resilience against phishing attacks. Develop training and awareness programs based on the results to educate employees on recognizing and responding to phishing attempts
Work with various log sources and data feeds to enhance the visibility and detection capabilities of the team. This includes integrating logs from network devices, servers, applications, and cloud environments
Create and maintain playbooks to standardize and automate threat response procedures. This includes developing automated workflows to streamline incident response, reduce response times, and improve the overall efficiency and effectiveness of the cybersecurity operations team
Stay current with the latest threat landscape and emerging trends in cybersecurity to proactively identify and mitigate potential cybersecurity risks
Contribute to the overall information cybersecurity strategy

Qualification

CISSP, Threat detection, Incident response, SOAR platform, Threat intelligence, Phishing simulations, Cybersecurity architecture, Cloud security, SIEM tools, Scripting skills, Analytical skills, Communication skills, Problem-solving skills, Teamwork, Continuous learning

Required

Bachelor's degree in related discipline and 9+ years of related experience; or equivalent combination of education and experience
CISSP, CISM, CEH, OSCP, GIAC or similar cybersecurity certification required
Extensive experience in a SOC environment, with a strong background in threat detection, incident response, and threat hunting
Proven experience in implementing and managing a SOAR (Security Orchestration, Automation, and Response) platform
Experience with threat intelligence platforms and integrating threat intelligence feeds to cybersecurity tools to enrich threat detection
Experience in proactive threat hunting to identify and neutralize emerging threats
Experience with conducting and analyzing phishing simulations to enhance organizational cybersecurity awareness and resilience
Demonstrated experience and success in designing and implementing a comprehensive cybersecurity architecture that protects an organization's information assets and enables it to achieve its business objectives
Experience in successfully executing programs that meet the objectives of excellence in a dynamic business environment
Experience in leading, planning, executing, and managing projects
Experience or working knowledge of cloud, network, and application security
Proficiency with SOC tools and technologies such as SIEM (e.g., Splunk, QRadar), EDR (e.g., CrowdStrike, Cortex), and IDS/IPS (e.g., Snort, Suricata)
Strong scripting skills (e.g., Python, PowerShell) to automate tasks, enhance detection capabilities, and develop automation through a SOAR platform
Ability to configure and fine-tune cybersecurity tools to maximize their effectiveness by integrating various log sources and data feeds to enhance visibility and detection
Ability to work with various data sources to create high-fidelity alerts
Knowledge of machine learning and behavioral analytics to identify anomalies and potential threats
Ability to develop and refine correlation rules within SIEM to detect complex attack patterns, leveraging the MITRE ATT&CK framework
Strong analytical skills to correlate events and make informed decisions based on data
Ability to analyze user behaviors and network traffic to detect suspicious activities
Ability to establish and maintain strong relationships with cybersecurity vendors
Good understanding of cybersecurity frameworks and standards such as, but not limited to, NIST, ISO 27001, and PCI-DSS. Ability to interpret these standards and apply them to an organization's specific cybersecurity needs
Extensive knowledge of DNS, network protocols, firewalls, VPNs, web application firewalls, email security, IPS/IDS, SIEM, DLP, cryptography, application whitelisting, and endpoint protection
Excellent communication skills to effectively collaborate with cross-functional teams and present findings to senior management. Skilled in translating data-driven insights into clear narratives of risk and impact
Resourceful and proactive to find innovative solutions to challenges
A mindset focused on continuous learning and improvement
Ability to lead by example and mentor other cybersecurity team members
Ability to foster collaborative working relationships with technology groups and other stakeholders, including vendor relationships
Thorough planning and tracking skills, well-organized, focused on results, capable of managing multiple projects, excellent time management with respect to priorities and self-management
Outstanding judgment and problem-solving skills, including negotiation and conflict resolution
Ability to work in a team environment, create timelines, and continually make necessary adjustments

Preferred

Experience in Biotech/Pharma is a plus

Benefits

401k plan with generous company contributions
Group medical, dental and vision coverage
Life and disability insurance
Flexible spending accounts
Discretionary annual bonus program
Sales-based incentive plan
Opportunity to purchase company stock
Receive long-term incentives
15 accrued vacation days in their first year
17 paid holidays including a company-wide winter shutdown in December
Up to 10 sick days throughout the calendar year

Company

Exelixis

Exelixis is focused on discovering, developing and commercializing therapies for the treatment of cancer and other serious diseases.

H1B Sponsorship

Exelixis has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
Trends of Total Sponsorships
2025 (39)
2024 (25)
2023 (25)
2022 (28)
2021 (29)
2020 (15)

Funding

Current Stage
Public Company
Total Funding
$514M
Key Investors
Deerfield
2015-07-23 · Post-IPO Equity · $135M
2012-02-16 · Post-IPO Equity · $65M
2010-06-03 · Post-IPO Debt · $160M

Leadership Team

Michael Morrissey
President and CEO
Christopher Senner
Executive Vice President and CFO
Company data provided by Crunchbase