Security Engineer, Detection & Response

Liftoff•United States (Remote), CA

11h•$172,000 - $240,000•Remote

About The Position

Liftoff is a leading AI-powered performance marketing platform for the mobile app economy. Our end-to-end technology stack helps app marketers acquire and retain high-value users, while enabling publishers to maximize revenue across programmatic and direct demand. Liftoff’s solutions, including Accelerate, Direct, Monetize, Intelligence, and Vungle Exchange, support over 6,600 mobile businesses across 74 countries in sectors such as gaming, social, finance, ecommerce, and entertainment. Founded in 2012 and headquartered in Redwood City, CA, Liftoff has a diverse, global presence. The Liftoff Security team protects Liftoff's customers, users, and employees. We architect Liftoff's security posture, build the tools and systems that defend it, and partner with Engineering teams as they ship new products and features. Our work spans the entire stack — infrastructure, web, mobile, and IT — and we approach security from a software engineering standpoint, scaling our impact through automation and well-designed tools. Now is the time to join! Here's why: Build out our detection and response function. Liftoff has a mature security information and event management platform (SIEM), established detection content, and a working incident response program. Your charter is to take it to the next level — including leading our investment in AI-augmented SOC tooling. High visibility, high impact. Detection and response is a critical capability for Liftoff. Security-conscious engineering culture. Liftoff's engineering org is a willing and capable partner on security work. Hands-on technical work. Stay deep in code, detections, and incidents. Breadth of work. Detection and response is the primary focus, but you'll partner across the security team on cloud, infrastructure, and application security where the work demands it. Large-scale, interesting systems. Liftoff processes millions of requests per second across its demand-side platform (DSP), mobile software development kit (SDK), and ad exchange.

Requirements

5+ years in security engineering, security operations, detection engineering, or software engineering with a security focus.
Hands-on production SIEM operation — onboarding log sources, writing and maintaining detection content, and triaging alerts.
Write production-quality code for security automation and detection-as-code.
Experience leading or substantially contributing to security incident response.
Strong technical writing — design docs, runbooks, and post-incident reviews.
Demonstrated judgment in prioritizing security work using a risk-based approach.
Ability to quickly navigate large, unfamiliar codebases and reason about complex engineering systems.
Excellent verbal communication.
Willing to participate in an on-call rotation.

Nice To Haves

Hands-on experience with an AI-augmented SOC platform (Prophet Security, Dropzone AI, or equivalent), or with building large language model (LLM) augmented investigation and runbook tooling.
Experience operating in cloud environments at scale.
Cloud incident response experience, particularly in AWS.
Endpoint forensics for incident response on Mac and/or Linux.
Detection-as-code workflows in continuous integration and deployment (CI/CD) pipelines.
Mobile adtech or high-volume SaaS background.

Responsibilities

Own day-to-day operation of Liftoff's SIEM (Panther) — log source ingestion, detection content, and the alert investigation pipeline.
Lead Liftoff's adoption of AI-augmented SOC tooling (e.g. Prophet, Dropzone, or equivalent) as a multi-year modernization investment.
Triage incoming security alerts and drive timely investigation and remediation with stakeholders across Engineering and IT.
Lead incident response — investigation, containment, and post-incident review — and mature processes and runbooks so response becomes predictable and repeatable.
Build tooling and automation that detects active threats, enriches alerts, and reduces manual investigation toil.
Partner with Engineering and IT to make detection and response self-service where possible — clear log-onboarding paths, documented detection proposals, accessible runbooks — so security scales without becoming a bottleneck.
Close the feedback loop between the team's offensive and proactive findings and detection coverage.
Partner across the security team on cloud, infrastructure, and application security work alongside your detection and response focus — every engineer on this team covers breadth beyond their primary focus.
Participate in the Security team's on-call rotation and incident response.