San Luis Potosí or Chihuahua Hybrid

Resideo is hiring a Cyber Security Architect/Engineer

Senior technical leadership position within the Security Operations function, focused on advancing threat detection, incident response, and the maturity of SOC capabilities. Responsible for engineering and optimizing security technologies including SIEM, SOAR, and XDR. Reports to the Cyber Security Director and contributes significantly to shaping security strategy and operational effectiveness.

Responsibilities

  • Continuously analyze emerging threats and evaluate security tools, architectures, and workflows to identify improvement opportunities.
  • Propose and deploy standardized, scalable solutions for SOC technologies and operational processes.
  • Create and refine service level agreements, key performance indicators, and operational reports to measure security tooling and SOC performance.
  • Maintain and improve SOC policies, procedural documentation, and operational guidelines.
  • Lead the identification, investigation, and resolution of advanced security incidents and events.
  • Ensure audit trail integrity and evidence handling meet investigative and regulatory standards.
  • Develop cybersecurity policies and data loss prevention standards aligned with organizational risk tolerance.
  • Manage and investigate data loss incidents to mitigate associated risks.
  • Enforce security policies, manage exceptions, and implement risk mitigation controls.
  • Serve as Tier 3 escalation point for SOC incidents and technical engineering challenges.
  • Collaborate with architecture, network, data center, HR, Legal, and external partners during incident investigations.
  • Lead and contribute to complex cybersecurity initiatives and modernization of SOC capabilities.
  • Mentor and develop SOC engineers and analysts to enhance team expertise.
  • Provide leadership input into the planning, deployment, and optimization of security programs and technologies.
  • Lead engineering efforts for SIEM, SOAR, and XDR platforms, including correlation rule development and detection tuning.
  • Design and implement automation and orchestration solutions to improve SOC efficiency and reduce response times.
  • Conduct in-depth threat hunting, hypothesis-driven investigations, and adversary simulations.
  • Guide the development of cloud-native security monitoring and detection engineering practices.

Requirements

  • Minimum of five years of professional experience in cybersecurity or security operations center roles.
  • Strong written and verbal communication skills with excellent documentation abilities.
  • Hold or be actively pursuing certifications such as GSEC, Security+, or CISSP.
  • In-depth knowledge of network protocols, IDS/IPS, SIEM, firewalls, proxies, and DLP technologies.
  • Solid understanding of incident response methodologies and behaviors of advanced threat actors.
  • Ability to prioritize tasks effectively in a fast-moving, high-pressure environment.
  • Advanced proficiency in written and spoken English communication.

Nice to Have

  • Experience in modern SOC engineering, including SOAR automation, XDR deployment, and cloud-based monitoring.
  • Proven track record in developing detection rules, fine-tuning alerts, and building log ingestion pipelines.
  • Demonstrated ability to lead investigations into advanced persistent threats (APTs).
  • Possession of additional relevant certifications such as GCIA, GCFE, GDAT, or GCTI.

Tech Stack

SIEM, SOAR, XDR, IDS/IPS, firewalls, proxies, DLP, cloud monitoring, log ingestion pipelines, correlation rules, automation orchestration

Benefits

  • Comprehensive benefits package exceeding minimum requirements under Mexican labor law, supporting employee well-being.
  • Collaborative and inclusive workplace culture where individual contributions are recognized.
  • Access to ongoing professional development through training, mentoring, and challenging assignments.
  • Use of advanced tools, technology, and team support to enable high performance.
  • Opportunity to work within a global, innovative organization shaping the future of its industry.

Work Arrangement

hybrid

Team

Part of the Security Operations team with regular collaboration across architecture, network, data center, HR, Legal, and third-party partners. Reports directly to the Cyber Security Director.

  • Collaborative and inclusive work environment
  • Values employee contributions
  • Focus on continuous professional growth
  • Innovative and global mindset
  • Equal opportunity employer

Additional Information

  • Reports to the Cyber Security Director
  • Expected behavioral competencies include leadership, cross-functional influence, adaptability, decision-making under pressure, communication, teamwork, mentorship, and rapid adoption of new technologies
  • The job posting includes equal employment opportunity (EEO) statements and compliance with relevant employment laws
  • The company is undergoing a spin-off: ADI Global Distribution will become a separate publicly traded entity, while the organization retains its manufacturing and product-solutions business
  • Target completion of the spin-off is the second half of 2026, subject to customary closing conditions
  • The company complies with applicable equal employment laws in all countries where it operates
  • A Recruitment Privacy Notice governs the processing of job application data
  • Reasonable accommodations are available upon request for applicants needing assistance during the hiring process
  • The role involves providing leadership input into the planning, deployment, and optimization of security initiatives
  • Mentorship of SOC engineers and analysts is a key expectation
  • The role requires handling of audit trails and evidence in compliance with regulatory requirements
  • Job code: #LI-AM2
  • Work mode: hybrid, as indicated by #LI-HYBRID

Required Skills

SIEM, SOAR, XDR, IDS/IPS, firewalls, proxies, DLP, Incident Response, Network Protocols, GSEC, Security+, CISSP

About company
Resideo
Resideo is a $6.76 billion global manufacturer, developer, and distributor of technology-driven sensing and control solutions that help homeowners and businesses stay connected and in control of their comfort, security, energy use, and smart living. It serves the professional channel with products found in more than 150 million residential and commercial spaces worldwide.
Job Details
  • Department: Information Technology
  • Category: security
  • Posted: 2 months ago