About The Position

The mission of the Security Engineering team at dbt Labs is to provide clear, opinionated security guidance and scalable, secure-by-default offerings to engineers for the purpose of securing software development and enabling pragmatic risk decisions at dbt. Our small team size and wide scope of responsibilities require that we work intelligently to address the security needs of dbt's products. We aim to put yesterday's problems behind us through a mix of OSS/COTS solutions for commodity problems and using ingenuity to solve the rest. As a Senior Security Operations Engineer on the Detection & Response team, you will strengthen and maintain the company's security posture throughout the threat detection lifecycle, from telemetry collection and continuous monitoring through threat detection, incident response, and security event management. You will serve as a subject matter expert for security operations across dbt Labs' teams and technology infrastructure, including multi-cloud production environments, identity, endpoints, and SaaS technologies.

Requirements

  • Demonstrated ability to excel in high-pressure situations; we need someone who can make sound decisions during active security incidents and can calmly serve as incident commander with confidence.
  • Have demonstrated experience working within security detection and response programs in cloud-native environments.
  • Have hands-on experience with security tooling, regardless of specific technology (SIEM, SOAR, EDR, and CSPM tools), with a focus on detection engineering and alert tuning.
  • Are driven to automate and simplify. You're comfortable using AI to do this. We primarily use Python and Terraform, but we also leverage AI tools like Notion, Claude Code, and Cursor.
  • Think systematically about reducing false positives while maintaining comprehensive detection coverage. You want to automate as much as possible and make everyone’s life easier when they review an alert.
  • Are passionate about documenting processes and creating training materials that enable others to respond effectively.
  • Have experience working in Kubernetes-based production environments with extensive SaaS platform integration.
  • Communicate clearly with both technical and non-technical stakeholders during incidents and investigations.
  • Are comfortable working remotely as part of a globally distributed security team.
  • Have working knowledge of attacker TTPs and frameworks such as MITRE ATT&CK, and how to detect them using available telemetry. You care more about behaviors than specific IOCs.
  • Have 8+ years of professional experience in security-related domains, including at least 4 years in security operations, incident response, threat hunting, or threat detection roles.
  • Have demonstrable experience leading security incident investigations and coordinating cross-team response efforts.

Nice To Haves

  • Have experience with the tools we use, including: Okta, Wiz, CrowdStrike, Jamf, and Google Workspace.
  • Have experience working across cloud environments; we’re in AWS, Azure, and Google Cloud.
  • Can demonstrate measurable improvements you've made to a security program.
  • Have opinions about how a successful SecOps program should be measured.
  • Have built automated alert triage systems that significantly reduced false positive rates and reduced time-to-investigate.
  • Have experience with eDiscovery or digital forensics and incident response (DFIR) work.
  • Hold relevant certifications such as GCIH, GCIA, GCFA, or equivalent.
  • Have contributed to open source security tooling or detection content.
  • Have experience with bug bounty program management and vulnerability disclosure processes.
  • Have experience with data pipelines or data analysis best practices.
  • Have familiarity with application-level detections, such as database security monitoring, detecting malicious queries, or abnormal application behavior.

Responsibilities

  • Participate in a 24/7 on-call rotation providing coverage for active security incidents, investigations, and security events across our global infrastructure.
  • Lead investigation and remediation of security incidents, coordinating cross-functional response efforts to minimize impact and recovery time.
  • Play a major role in bootstrapping an end-to-end D&R alert and investigation pipeline.
  • Triage and investigate security alerts from detection tools including Wiz Defend, CrowdStrike, and cloud security platforms to identify genuine threats and reduce false positives.
  • Develop and maintain detection rules, runbooks, and response procedures mapped to the company's threat model.
  • Automate alert triage workflows and improve mean time to detection and response through tooling and process enhancements, including leveraging AI enrichment and processing.
  • Collaborate with Infrastructure and Application Security teams to implement secure-by-design principles and remediate identified security issues.
  • Conduct security event analysis to identify policy violations, misconfigurations, and potential attack vectors before they become incidents.
  • Partner with our Enterprise Security & Technology team to enhance endpoint security controls and monitoring across endpoints (macOS laptops and some Windows- and Linux-based development environments).
  • Design and facilitate tabletop exercises and game days to test detection, response, recovery, and remediation capabilities.
  • Contribute to the maturation of the security incident response program through documentation, training, and process improvements.
  • Mentor junior security engineers and cross-functional team members on incident handling best practices.

Benefits

  • Unlimited vacation (and yes we use it!)
  • 401k w/3% guaranteed contribution
  • Excellent healthcare
  • Paid Parental Leave
  • Wellness stipend
  • Home office stipend, and more!