Detection & Response, Security Engineer

WorkOS
San Francisco, CA
Remote

About The Position

WorkOS is seeking a Detection & Response Security Engineer to elevate their D&R capabilities. The role involves leveraging existing security telemetry (SIEM, EDR, cloud, identity) to write custom detections, build alerting pipelines, conduct in-depth incident investigations, and expand security coverage across corporate systems and the product platform. This is a foundational role where the engineer will shape strategy, choose approaches, and build systems, requiring a blend of security practitioner and software engineering skills. The position is remote and open to candidates in Canada or the United States.

Requirements

  • 5+ years of experience in security engineering, detection engineering, incident response, or a related technical security role.
  • Strong engineering fundamentals; ideally a computer science or engineering degree or equivalent industry experience (software engineering, SRE, network engineering).
  • Proficiency in Python, Go, or another general-purpose programming language.
  • Hands-on experience with SIEM platforms (Panther, Splunk, Elastic, or similar) — writing detection rules, building log pipelines, and investigating alerts.
  • Experience with EDR technologies (SentinelOne, CrowdStrike, or similar) and endpoint investigation.
  • Familiarity with cloud security fundamentals (AWS IAM, networking, Kubernetes basics).
  • Experience with incident response in production and/or corporate environments.
  • Strong written and verbal communication skills.
  • A builder, not just an operator. You write detection logic, build pipelines, and create tools.
  • An engineer with a security focus.
  • Comfortable across corporate and cloud environments.
  • Pragmatic about risk.
  • Collaborative and autonomous.

Nice To Haves

  • Experience with Detection-as-Code practices (version-controlled, tested detections).
  • Familiarity with SOAR platforms and security automation.
  • Experience with identity/authentication systems (Okta, SAML, OIDC) — highly relevant given our product domain.
  • Prior experience building a D&R function from scratch.
  • Experience at a developer tools, identity/auth, or infrastructure company.

Responsibilities

  • Build out our detection engineering capability.
  • Design and implement detection logic across our SIEM, EDR, cloud security tools and identity systems.
  • Write detections as code — durable, tested, and version-controlled.
  • Own security incident response.
  • Lead and support security incident investigations using data analytics, log analysis, and system forensics across corporate and production environments.
  • Build playbooks and runbooks for repeatable response.
  • Extend detection into the product.
  • Instrument additional application-level telemetry across the WorkOS platform to detect abuse patterns, anomalous authentication activity, and threats that target our customers' identities.
  • Build tooling and automation.
  • Develop scripts, integrations, and SOAR workflows to automate detection, enrichment, and response activities.
  • Improve visibility and logging.
  • Work with engineering and infrastructure teams to ensure the right logs are collected, normalized, and available.
  • Identify gaps in monitoring coverage and close them.
  • Partner with our MDR provider.
  • Collaborate to validate detections, tune rules, and coordinate on incidents.
  • Grow our internal capability over time while maintaining the partnership.
  • Contribute to security operations maturity.
  • Help build on-call rotation practices, tabletop exercises, post-incident reviews, and operational metrics for the security team.
  • Participate in a shared on-call rotation for security incidents, with occasional evening or weekend availability for critical events.

Benefits

  • Competitive pay
  • Substantial equity grants
  • Healthcare insurance (Medical, Dental and Vision) for you and your family
  • 401k matching
  • Wellness and fitness monthly allowances
  • PTO + paid holidays + unlimited sick leave
  • Autonomy and flexibility with remote work