SOC Engineer - 2

Founded in 2018, Quince was built to challenge the idea that nice things have to cost a lot. Our mission is simple: to make really high quality essentials for really low prices, produced fairly and sustainably. We believe everyone deserves exceptional craftsmanship and timeless design without the traditional markups. Quince is a direct-to-consumer (DTC) model that cuts out middlemen and leverages just-in-time manufacturing to minimize waste and maximize value.

Quince is a tech company disrupting the retail industry by putting AI, analytics and automation at the center of everything we do. Our unwavering commitment to excellence and company values guide our teams and actions:

At Quince, you will be part of a high-performing team that is redefining what quality, value, and sustainability mean in modern retail. We are a destination for builders, innovators, and operators to come together and challenge the status quo. Our collective ambition is bold. We are creating an entirely new category and customer experience – one that democratizes luxury and provides high quality products at radically low prices. That mission demands a world-class team committed to excellence. 

If you are motivated by impact, growth, and purpose, you will find a strong sense of belonging at Quince.

We’re looking for a SOC Engineer - 2 to join our growing Security Operations team. In this role, you will help protect the organization by monitoring, detecting, investigating, and responding to security events across cloud, endpoint, and application environments. You will work on strengthening detection capabilities, improving response processes, and enhancing the overall security posture of the organization.

Success in this role means effectively identifying and responding to threats, improving detection quality, and contributing to scalable security operations through automation and continuous improvement. You will collaborate closely with security, engineering, IT, and business teams to ensure timely incident response and operational resilience.

• →Monitor and triage security alerts from EDR, DLP, SIEM, cloud, and web security platforms
• →Investigate security incidents including credential compromise, unauthorized access, malware infections, and data exposure events
• →Analyze logs across endpoints, cloud services, and applications to determine root cause, impact, and scope of incidents
• →Perform proactive threat hunting to identify suspicious activity and gaps in existing detections
• →Execute containment, remediation, and recovery actions following established incident response procedures
• →Develop, tune, and improve detection rules and alerting logic to reduce false positives and improve signal quality
• →Translate threat intelligence into actionable detection use cases and monitoring strategies
• →Contribute to automation initiatives for alert enrichment, workflow optimization, and incident response processes
• →Design and implement automation to improve true positive detection and enable automated triage of known issues
• →Monitor cloud security findings and support remediation of configuration and access control issues
• →Collaborate with engineering, IT, and business teams during investigations and incident response activities
• →Maintain and improve incident response playbooks, runbooks, and operational documentation
• →Track and report key operational metrics including incident trends, response times, and alert quality
• →Stay current with emerging threats, attacker techniques, and security best practices

• 2–4 years of experience in SOC, Security Operations, or Incident Response roles
• Strong understanding of the incident response lifecycle and threat detection methodologies
• Hands-on experience with security tools such as EDR, DLP, SIEM, vulnerability scanners, and cloud security platforms
• Experience with tools such as CrowdStrike, Netskope, Splunk, Sentinel, or similar technologies
• Strong understanding of networking fundamentals including TCP/IP, DNS, HTTP/S, SMTP, and common attack vectors
• Experience analyzing logs and telemetry across endpoints, cloud environments, and applications
• Basic scripting or automation experience using Python or similar languages
• Experience with detection engineering, SIEM rule creation, dashboards, and alert tuning
• Familiarity with frameworks and methodologies such as MITRE ATT&CK, Cyber Kill Chain, threat hunting, and forensic analysis
• Strong analytical thinking, problem-solving, and communication skills
• Ability to work effectively in fast-paced and high-pressure environments

• Experience with AWS security services and cloud-native security tooling
• Familiarity with SOAR platforms and security automation workflows
• Experience with threat intelligence platforms and IOC management
• Exposure to endpoint forensics and malware analysis concepts
• Relevant certifications such as Security+, CEH, GCIH, GCIA, or similar
• Experience working in high-growth or cloud-native environments

Joining Quince means being part of a mission-driven team reshaping retail. You will work alongside talented colleagues, tackle meaningful challenges, and contribute to building a more sustainable, accessible future for customers and partners alike.

Quince provides equal employment opportunities to all employees and applications for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran or military status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. 

Quince is committed to providing reasonable accommodations to qualified individuals with disabilities. If you need a reasonable accommodation to complete your application or to perform the essential functions of a role at Quince, please let us know by completing this accommodation form. We review all requests individually and will work with you to determine appropriate accommodations on a case-by-case basis.

Employment is contingent upon successful completion of a background check. Quince will conduct background checks in compliance with applicable federal, state, and local laws.

Security Advisory: Beware of Frauds

At Quince, we're dedicated to recruiting top talent who share our drive for innovation. To safeguard candidates, Quince emphasizes legitimate recruitment practices. Initial communication is primarily via official Quince email addresses and LinkedIn; beware of deviations. Personal data and sensitive information will not be solicited during the application phase. Interviews are conducted via phone, in person, or through the approved platforms Google Meets or Zoom—never via messaging apps or other calling services. Offers are merit-based, communicated verbally, and followed up in writing. If personal information is requested to initiate the hiring process, rest assured it will be through secure and protected means.