Security Engineer, Detection & Response

About The Position

Requirements

• 5+ years of experience in Detection Engineering, Incident Response, or Security Operations, with a strong emphasis on building and shipping security tooling and automation.
• Proficiency in at least one programming language (e.g., Python, Go) and comfort writing production-grade code — not just scripts.
• Hands-on experience designing or improving detection pipelines, SIEM content, and alerting workflows in cloud-native environments.
• Practical experience with SIEM, EDR, and SOAR tools, with a preference for candidates who have built integrations or extended these platforms programmatically.
• Strong understanding of modern cyber threats, common attack techniques, and adversary TTPs.
• Familiarity with digital forensics tools and malware analysis techniques.
• Experience with cloud-native environments (e.g., AWS, GCP, Azure) and the security telemetry those environments generate.
• Exposure to threat intelligence platforms and integrating intel into detection and investigation workflows.
• Strong communication skills, with the ability to translate complex security findings into clear business impact.

Nice To Haves

• Relevant security certifications (e.g., GCIH, GCFA, GCIA, CISSP, GDSA) are a plus.

Responsibilities

• Engineer, test, and deploy detection logic across cloud and enterprise environments, treating detections as software with version control, peer review, and measurable performance.
• Build and maintain incident response automation, runbooks, and tooling that reduce containment timelines without sacrificing developer velocity.
• Mature telemetry pipelines through improved schema design, normalization, enrichment, and quality checks that reduce false positives and increase signal fidelity.
• Perform digital incident investigations to identify and contain potential security breaches.
• Conduct digital forensics and malware analysis to understand attack vectors and adversary methodologies.
• Integrate alerting with messaging and ticketing systems to enable fast, traceable response workflows.
• Partner cross-functionally with IT, security, and engineering teams to harden identity and access patterns, close logging and forensics gaps, and implement maintainable guardrails that scale with the organization.
• Utilize threat intelligence platforms to improve hunting, detection, and response workflows.
• Clearly explain the significance and impact of incidents, providing actionable recommendations to both technical and non-technical stakeholders.

Benefits

• Compensation packages at Scale for eligible roles include base salary, equity, and benefits.
• Comprehensive health, dental and vision coverage, retirement benefits, a learning and development stipend, and generous PTO.
• this role may be eligible for additional benefits such as a commuter stipend.