Staff Security Engineer I, Security Operations

Etsy
New York, NY
$204,000 - $240,000
Hybrid

About The Position

Etsy is seeking a Staff Security Engineer to join our Security Operations team. As part of the larger Security org, this team plays a pivotal role in protecting and responding to threats to our data, applications, systems, and infrastructure. Security Operations is responsible for managing our strategy, technologies, and execution of threat detection, threat intelligence, incident response, and more.

As a staff engineer on the Security Operations team, your responsibilities will be twofold:

  • Participate in our detection and response workstreams, writing new detection logic, leading incidents, and communicating to leadership.
  • Strengthen our detection and response processes, then lead workstreams to automate them with AI where it multiplies impact.

You will collaborate with members of the broader security and engineering organizations to support multiple security efforts. You will also raise the technical bar of the team: mentoring engineers on incident leadership, detection engineering, security fundamentals, and communications (written and verbal) to a variety of audiences.

This role will participate in an on-call rotation on a minimum of a monthly basis. This is a full-time position reporting to the Sr. Engineering Manager, Security Operations.

Requirements

  • 9+ years of experience in a security role with significant incident response experience
  • Proficiency in web applications and cloud technologies
  • Strong foundational knowledge of information security and common attacks, tactics, techniques, and procedures
  • Familiarity with operating systems internals, malware functionality, and persistence mechanisms
  • Hands-on experience with SIEM, SOAR, EDR, and MDM platforms
  • 5+ years of professional development experience, delivering large engineering projects
  • Strong mental threat model for web applications and cloud data flows.
  • The ability to reason in real time about blast radius, pivot paths, and data exposure during an incident
  • Bias toward building and improving systems. When you see a manual process you want to replace it.
  • Experience building, tuning, and validating AI agents, including running them alongside manual analysis until you trust the output.

Nice To Haves

  • Experience with Google Workspace and/or GCP
  • Container technology experience
  • Additional experience in any of the following areas: CTI, penetration testing, network or system engineering.

Responsibilities

  • Participate in active threat hunting, analysis of security events, and incident triage (as it arises)
  • End-to-end security event and/or incident response cycle duties, root cause analysis, incident commander duties, and cross-functional collaboration with other business areas
  • Chart our strategy for AI adoption to aid in automated triage and response
  • Develop, tune, and manage tools to gather security telemetry data
  • Build detection rules and threat hunting queries
  • Help improve processes, procedures, technologies, and runbooks for detection and response
  • Challenge existing detection and response assumptions that were built for human-speed threats
  • Support the technical and operational aspects of high-visibility security initiatives
  • Pair on incidents, review detection logic, and coach engineers through post-incident deep-dives
  • Use threat modeling to prioritize detection coverage and assess impact during active incidents

Benefits

  • equity package
  • annual performance bonus
  • competitive benefits that support you and your family