Lead Security Detection Response Engineer

AngelList | San Francisco, CA
1d | $200,000 | Hybrid

About The Position

At AngelList, security is a creative function. You'll design systems that see what others miss. You'll write detection logic that actually means something. You'll build workflows that put the right alert in front of the right person at the right moment, not a firehose of noise that everyone learns to ignore.

This role has enormous scope. You'll work across product, infrastructure, and support. You'll decide what "good" looks like for how we respond to threats, both the obvious ones and the weird edge cases that keep you up at night. You'll be the person who notices the pattern before it becomes a problem.

We're looking for someone who sees AI as a lever, not a threat. Someone who's already thinking about how detection and response change when you can automate judgment, not just rules. Someone who finds the current security playbook boring, because it is.

You'll report to the Head of Security and operate as a strategic partner, not a ticket-taker. If you want to reinvent what this function can be, we want to talk.

Requirements

  • 7+ years of experience in security monitoring, incident response, and threat hunting in cloud environments
  • Experience leading complex investigations with multiple stakeholders
  • Demonstrated ownership of a full detection and response function
  • Broader experience across other security engineering disciplines (e.g., product security, infra)
  • Expertise in AWS security controls and services
  • Deep understanding of SIEM and SOAR platforms and their configuration
  • Familiarity with offensive techniques and real-world compromise scenarios
  • Strong working knowledge of adversary TTPs and MITRE ATT&CK
  • Hands-on experience with log analysis, anomaly detection, and correlation at scale
  • Operating system internals and forensic analysis (Linux, macOS, Windows)
  • Ability to analyze endpoint, network, and application telemetry
  • Experience scripting or coding to automate detection and triage workflows
  • Familiarity with DevOps toolsets and production environments
  • Clear, concise communicator who can work across technical and non-technical teams
  • Leadership mindset with a strong bias toward action and results

Responsibilities

  • Build and operate the full detection and response stack, from log ingestion to incident triage
  • Develop, tune, and maintain high-signal detection rules based on AngelList’s top risks
  • Respond to and lead investigation of security events, including cross-functional incident coordination
  • Automate alert triage workflows and reduce manual operational overhead
  • Continuously hunt for threats and improve our ability to detect and respond to novel attacks
  • Create tools to gather telemetry data from production systems and surface meaningful signals
  • Author and maintain runbooks and incident playbooks to drive consistency and clarity in response
  • Harness AI to scale triage, detection, and response—while understanding its blind spots