Senior Detection & Response Engineer

Greystar Management Services, Dallas, TX
Hybrid

About The Position

Greystar is seeking a Senior Detection & Response Engineer to join our Cybersecurity Operations team. This is a hybrid engineering and operations role for someone who can build detections, write code and automation, run full incident response investigations, and apply solid security engineering fundamentals across our environment. You will own the full loop: engineer the detection, respond to what it catches, and feed those lessons back into stronger coverage. This role spans EDR, IAM, SIEM, and data governance, and works closely with our SOC.

Requirements

  • 6+ years in security operations, detection engineering, incident response, or a combined security engineering role
  • Demonstrated ability to build detections and understand the underlying logic, not just operate a tool
  • Hands-on digital forensics experience across endpoint and cloud, including artifact collection, timeline reconstruction, and evidence handling
  • Proficiency scripting and building automation (Python, PowerShell, KQL, or similar), including the effective use of AI tooling to accelerate development
  • Working knowledge of attacker tradecraft and the ability to attribute activity based on TTPs
  • Experience building or consuming API integrations across security and identity platforms
  • Proficiency with EDR platforms
  • Working knowledge of SIEM platforms and detection rule development
  • Strong understanding of hybrid identity environments, including AD Connect sync behavior and Entra ID
  • Experience investigating modern attack techniques including AiTM phishing, OAuth consent abuse, BEC, token replay, and living-off-the-land techniques
  • Solid security engineering fundamentals across identity, endpoint, and cloud
  • Willingness to participate in an on-call rotation and perform hands-on incident response
  • Strong written communication and documentation discipline

Nice To Haves

  • Demonstrated use of AI tools (such as Claude, Copilot, or similar) to accelerate detection engineering, investigation workflows, scripting, and documentation
  • Experience prompting and directing AI models to produce useful outputs in a security context, including log analysis, detection logic drafting, and incident timeline construction
  • Familiarity with Microsoft Sentinel, including analytic rule development using KQL and automation via Logic Apps or Playbooks
  • Familiarity with Microsoft Entra ID, Purview and Defender Suite
  • Hands-on experience with CrowdStrike Falcon, including alert triage, process tree analysis, and prevention policy management
  • Experience with identity security tooling such as Saviynt, Entra ID Protection, or similar IGA and privileged access platforms
  • Prior experience in a large enterprise or managed security environment (5,000+ endpoints or 10,000+ users)
  • Relevant certifications such as GCIA, GCIH, GCFE, GCFA, SC-200, AZ-500, or equivalent

Responsibilities

  • Design, build, test, and tune detection rules across our SIEM and security tooling, targeting real attack techniques observed in our environment
  • Build scripts, automation, and API integrations (using code and AI tooling) to accelerate detection engineering, investigation, and response workflows
  • Lead incident response investigations end to end, from triage through containment, eradication, and closure
  • Perform host and cloud forensic analysis, including disk, memory, and log artifact examination to reconstruct attacker activity and establish incident timelines
  • Participate in an on-call rotation and perform hands-on alert and incident analysis
  • Analyze Microsoft 365 and Entra ID log sources including interactive sign-ins, non-interactive sign-ins, audit logs, and the unified audit log
  • Investigate EDR detections, perform process tree analysis, and recommend containment actions
  • Triage and investigate escalations from the SOC
  • Develop and maintain automated response playbooks
  • Conduct root cause analysis and determine initial access, persistence, and exfiltration methods during investigations
  • Apply security engineering fundamentals to improve identity security, conditional access, and endpoint posture
  • Produce clear, executive-ready incident briefings, IOC documentation, and technical writeups
  • Identify and tune false positive patterns to improve detection fidelity

Benefits

  • Competitive Medical, Dental, Vision, and Disability & Life insurance benefits.
  • Low (free basic) employee Medical costs for employee-only coverage; costs discounted after 3 and 5 years of service.
  • Generous Paid Time off. All new hires start with 15 days of vacation, 4 personal days, 10 sick days, and 11 paid holidays. Plus your birthday off after 1 year of service!
  • Additional vacation accrued with tenure.
  • For onsite team members, an onsite housing discount at Greystar-managed communities is available, subject to discount and unit availability.
  • 6-Week Paid Sabbatical after 10 years of service (and every 5 years thereafter).
  • 401(k) with Company Match up to 6% of pay after 6 months of service.
  • Paid Parental Leave and lifetime Fertility Benefit reimbursement up to $10,000 (includes adoption or surrogacy).
  • Employee Assistance Program.
  • Critical Illness, Accident, Hospital Indemnity, Pet Insurance and Legal Plans.
  • Charitable giving program and benefits.
© 2026 Teal Labs, Inc