Senior Detection Engineer

Instacart
$192,000 - $242,500
Remote

About The Position

Instacart's Detection Engineering team is central to its Security organization, responsible for building and operating systems that identify, surface, and respond to threats across a large North American grocery technology platform. The team manages the entire detection lifecycle, from telemetry collection and signal design to automated response, within a complex, cloud-native environment that includes endpoint, cloud, container, and SaaS. As a Senior Detection Engineer, you will be a technical leader, developing high-fidelity detection logic, hunting for new attacker techniques, and improving the team's approach to coverage, quality, and scale. You will collaborate with Engineering, Red Team, Incident Response, Fraud, and Trust & Safety teams to ensure detections accurately reflect real-world adversary behavior. The team operates with a detection-as-code philosophy, meaning all work is versioned, tested, and deployed through automated pipelines. Key focuses include reducing noise, enhancing analyst efficiency via automation and SOAR, and continuously adapting to the evolving threat landscape. This role is ideal for individuals who are motivated by complex forensic challenges, enjoy translating attacker Tactics, Techniques, and Procedures (TTPs) into robust detection logic, and wish to contribute to the growth of a security function.

Requirements

  • 5+ years of experience in a detection engineering, incident response, or offensive security role.
  • Experience with 1 or more public cloud platforms (AWS, Azure, GCP).
  • Deep understanding of attacker TTPs across modern zero trust environments, including identity compromise, token theft, and abuse of trust boundaries.
  • Proficient understanding of macOS internals and the telemetry available to identify macOS-specific threats.
  • Experience implementing detection-as-code workflows including version control, peer review processes, automated testing, and CI/CD deployment pipelines.
  • Basic proficiency with Python, Golang, or other programming languages.
  • Relevant certifications: GCFA, GCFE, GNFA, GREM, OSCP, GCIA, or similar.

Nice To Haves

  • Background in offensive security or red teaming.
  • Knowledge of machine learning for threat detection.

Responsibilities

  • Develop, tune, document, and maintain detection logic across multiple log sources including endpoint, cloud, container, and SaaS products.
  • Assist in cyber forensic investigations across a variety of log sources.
  • Optimize log ingestion pipelines and telemetry collection to ensure high-quality, actionable security data while managing volume and cost.
  • Design and build SOAR playbooks and automation workflows to streamline detection triage, enrichment, and response actions.
  • Mentor junior security analysts and detection engineers on threat hunting methodologies, detection logic development, and investigation techniques.

Benefits

  • Highly market-competitive compensation and benefits.
  • New hire equity grant.
  • Annual refresh grants.