Security Response Engineer, Detection Engineering
About the Role
You will lead detection engineering and the infrastructure that powers it. You will design scalable logging and alerting pipelines, build and deploy security tooling to gather telemetry, set standards for tooling and infrastructure, collaborate with engineering and infra teams to improve visibility, and participate in on-call rotations to tune detections and coordinate incident response.
Requirements
- Experience leading detection engineering efforts including logging pipelines, enrichment, automation, and quality monitoring
- Hands-on experience managing and deploying security infrastructure and tooling (IaC, containerization, remote access)
- Track record of authoring and tuning detections across endpoint, cloud, identity, and network telemetry
- Operational experience in a security on-call rotation and acting as incident coordinator for high-severity events
- Experience leading cross-functional initiatives to deliver security capabilities
- Previous coding experience in Python, Go, Rust, or similar
- Preferred: Prior success in remote-first environments
- Preferred: Experience with detections-as-code (Sigma) development and workflows
- Preferred: Domain experience with blockchain/Web3 threats
- Preferred: Open-source contributions to security-related projects
Responsibilities
- Own detection engineering as a product and drive its roadmap
- Build and run telemetry, logging, and alerting pipelines
- Establish team-wide standards for security tooling and infrastructure deployment
- Identify and implement improvements and modernization for detection capabilities
- Define and influence EDR and SIEM strategy, evaluations, and migrations
- Participate in on-call rotation to write, tune, and triage detections and coordinate incident response