Senior Detection and Response Engineer

Spotnana
Remote US, Hybrid
$150,000 - $190,000

About The Position

We are looking for a Senior Detection & Response Engineer to join our Threat Detection & Response team. In this role, you will build, tune, and maintain detection logic across a modern cloud-native security stack, investigate alerts and incidents end-to-end, and help mature our detection engineering and incident response capabilities. This role requires an outstanding ability to operate with autonomy and ownership across the full detect-and-respond lifecycle. The work is exciting and we are looking to hire as soon as we find the right person.

Requirements

  • 3+ years in a detection engineering, SOC, or incident response role
  • Hands-on detection-as-code experience — writing, testing, versioning, and deploying custom detection rules in a CI/CD or Git-based workflow
  • Strong custom detection authoring across at least one SIEM platform (ES|QL, KQL, SPL, or similar query languages)
  • Demonstrated alert investigation and triage skills — comfortable working from raw logs to root cause
  • Incident response experience in both responder and commander capacities, including coordination, containment, and post-incident review
  • Intermediate or above programming proficiency in Python or Go — able to build tooling, parse data, and automate workflows
  • Engineering background in building, deploying, or maintaining security systems (log pipelines, detection infrastructure, integration work)
  • Familiarity with the MITRE ATT&CK framework for mapping detections and threat hunts to adversary TTPs
  • Experience with at least one EDR platform (e.g., Microsoft Defender for Endpoint, CrowdStrike, SentinelOne) — writing custom queries and hunting beyond built-in alerts
  • Threat hunting experience using hypothesis-driven, intelligence-driven, or anomaly-driven approaches
  • Security log pipeline experience — building or maintaining ingestion from diverse sources (cloud APIs, webhook integrations, custom parsers)
  • Version control and CI/CD fluency — Git workflows for detection content

Nice To Haves

  • Experience with AWS, Azure, and/or GCP security services and cloud-native logging (CloudTrail, Azure Activity Logs, GCP Audit Logs)
  • Elastic Security experience (detection rules, ES|QL, index and ingest pipeline familiarity)
  • Experience with identity-based attack detection (Entra ID, Okta, SSO/OIDC abuse patterns)
  • SOAR or security automation tooling experience — building response playbooks, enrichment workflows, or triage automation
  • API security monitoring or investigation experience
  • Exposure to Zero Trust architectures (Cloudflare, Zscaler, or similar)
  • Familiarity with threat intelligence platforms or feeds (MISP, OTX, abuse.ch)
  • Supply chain security awareness (npm, PyPI, container image compromise detection)
  • Strong written communication — able to produce clear incident reports, runbooks, and stakeholder updates

Responsibilities

  • Author, test, and maintain detection logic as code across SIEM, EDR, and cloud platforms
  • Investigate security alerts, triage findings, and escalate as appropriate
  • Lead and participate in incident response as both responder and incident commander
  • Conduct threat hunts informed by emerging TTPs and threat intelligence
  • Build and improve automation to accelerate detection, triage, and response workflows
  • Contribute to runbooks, playbooks, and post-incident documentation
  • Collaborate with engineering and infrastructure teams to improve logging coverage and signal quality

Benefits

  • Pre-tax and ROTH 401(k) options via Fidelity with up to a 4% company match
  • Comprehensive benefit plans covering medical, dental, vision, life, and disability, effective on your hire date. We cover 100% of your employee premiums and 85% of your eligible dependents' premiums
  • Pre-tax flexible spending account options for health, dependent care and commuter expenses
  • Flexible PTO in addition to 10 company holidays and an end-of-year company shutdown
  • Up to 26 weeks of parental leave
  • Monthly cell phone/internet stipend
  • IATAN travel membership
  • Pet insurance
  • Financial wellness tools
  • Calm app access
© 2026 Teal Labs, Inc