Job description

The Information Security Engineer (SOC) at Tabby is responsible for monitoring, detecting, investigating, and responding to cybersecurity threats across infrastructure, applications, and cloud environments within a high-growth FinTech ecosystem. The role operates within the InfoSec Monitoring department and focuses on protecting large-scale payment and financial platforms used by millions of users and tens of thousands of merchants. The position involves continuous monitoring and analysis of logs and alerts from diverse sources including firewalls, IDS/IPS, endpoints, servers, and cloud platforms, correlating events to detect advanced threats, and tuning detection logic to reduce false positives. The engineer leads incident response activities across the full lifecycle, from detection and containment to eradication, recovery, and post-incident analysis, while coordinating with internal teams and external vendors during high-severity incidents or data breaches. The role also contributes to threat intelligence operations by researching emerging threats, developing and tuning detection rules, maintaining a Cyber Threat Intelligence (CTI) platform, and integrating CTI feeds into security controls to enable proactive, intelligence-driven detections. Collaboration with IT, DevOps, Risk, and Compliance teams is critical, as is maintaining dashboards, reports, and detailed incident documentation. The role requires hands-on experience with SIEM, SOAR, EDR/XDR, cloud-native monitoring tools, scripting for automation, and familiarity with modern application architectures including REST APIs and microservices, supporting Tabby’s large-scale, cloud-based financial platform.