Life at UiPath

The people at UiPath believe in the transformative power of automation to change how the world works. We’re committed to creating category-leading enterprise software that unleashes that power. To make that happen, we need people who are curious, self-propelled, generous, and genuine. People who love being part of a fast-moving, fast-thinking growth company. And people who care—about each other, about UiPath, and about our larger purpose. Could that be you?

ROLE OVERVIEW

As a Security Operations Engineer 1, you are a developing practitioner focused on threat management and incident response. Working under the guidance of senior engineers, you triage and investigate security incidents, support containment and remediation, and contribute to the feedback loop with Threat Intelligence and Detection Engineering. You build depth on the SecOps stack day by day and bring a builder's mindset, looking for what can be automated, documented, or improved.

You will perform this work across two operating environments: our commercial SecOps environment (the day-to-day default) and our FedRAMP Moderate authorization boundary (a separately controlled, regulated environment supporting federal agency customers). The same craft applies in both, but the FedRAMP environment is segregated and carries stricter requirements on personnel access, tooling, data handling, documentation, and reporting timelines. You will learn those procedures and apply them with senior support when working inside that boundary.

CORE RESPONSIBILITIES - THREAT MANAGEMENT & INCIDENT RESPONSE

Triage and investigate incidents across SIEM, EDR, network, identity, and cloud telemetry; support containment, eradication, and incident communications under senior guidance.

Contribute to root cause analysis and close the loop with Threat Intelligence and Detection Engineering to produce durable detections, controls, or playbook updates.

Participate in proactive threat hunting across enterprise and cloud telemetry under the direction of senior analysts.

Help maintain IR playbooks and runbooks and participate in drills and tabletop exercises.

Recommend and help tune the detection and response tooling stack (SIEM, EDR, SOAR, case management) in both environments.

Actively seek mentorship from senior IR engineers and grow toward independent ownership of incidents over time.

FedRAMP - Follow strict procedures and requirements, including but not limited to the authorized IR Plan, NIST 800-53 IR controls, CISA notifications, chain of custody, data classification handling, and event classification and reporting requirements.

CROSS-FUNCTIONAL COMPETENCIES

Threat Intelligence - developing ability to consume threat intelligence and apply it to hunts, detections, and incident context; learning to map adversary behavior to MITRE ATT&CK.

Detection Engineering - contributes detection content and tuning improvements across SIEM and EDR platforms; familiar with detection-as-code workflows and able to reduce false positives with guidance.

Security Engineering - assists in automating routine SecOps tasks with a DevOps/IaC mindset and helps integrate security tooling via APIs, including contributions to SOAR playbooks.

KNOWLEDGE, SKILLS & CAPABILITIES

Working knowledge of incident response frameworks (NIST 800-61, SANS PICERL) and a developing understanding of modern attacker TTPs, malware behavior, and MITRE ATT&CK.

Familiarity with operating system fundamentals (Windows, Linux, macOS), networking protocols, identity systems, and at least one major cloud platform (AWS, Azure, or GCP), with a preference for Azure.

Awareness of malware analysis and digital forensics concepts.

Analytical mindset - reads network, host, identity, and cloud logs, asks the right questions, and reaches sound conclusions under time pressure with senior support.

Clear written and verbal communication; tailors messaging to technical and non-technical audiences and produces documentation suitable for review.

Sound escalation judgment - recognizes when scope or severity exceeds current experience and engages senior support early; brings curiosity, critical thinking, and willingness to learn the differences between commercial and FedRAMP operating procedures.

Foundational scripting in Python, PowerShell, Bash, or Node, plus developing proficiency in Microsoft KQL or similar query analytics languages; comfortable in terminal-first workflows with utilities such as grep, jq, awk, sed, curl, and git.

Comfortable using coding agents (Claude Code, Copilot, Cursor) and LLM-based tools to accelerate investigation and reporting, with the discipline to validate generated code, recognize hallucination risk, handle sensitive data carefully, and escalate rather than ship unreviewed output.

QUALIFICATIONS

Required

Minimum 1 year of experience in a Security Operations role (SOC analyst, junior incident responder, detection engineer, or equivalent), internship, or relevant academic/lab work.

Hands-on exposure to at least one