
Detection & Response, Security Engineer
Posted 10 hours ago

This is a fully remote position, open to applicants in the United States.
Responsibilities
• Develop our detection engineering capabilities by designing and implementing detection logic across our SIEM, EDR, cloud security tools, and identity management systems. We write detections as code, so that every rule is durable, tested, and version-controlled.
• Own security incident response. Lead and assist in security incident investigations using data analytics, log analysis, and system forensics across both corporate and production environments. Write playbooks and runbooks so that responses are repeatable.
• Extend detection into our products. Add application-level telemetry across the WorkOS platform to identify abuse patterns, anomalous authentication activity, and threats aimed at our customers' identities.
• Develop tools and automation. Create scripts, integrations, and SOAR workflows to automate detection, enrichment, and response tasks. We prioritize engineering solutions over manual processes.
• Enhance visibility and logging. Collaborate with engineering and infrastructure teams to guarantee the appropriate logs are collected, normalized, and accessible. Identify and address any monitoring coverage gaps.
• Collaborate with our MDR provider to validate detections, tune rules, and coordinate incident response. Gradually build out our internal capabilities while sustaining the partnership.
• Contribute to the maturity of security operations. Assist in establishing on-call rotation practices, conducting tabletop exercises, performing post-incident reviews, and developing operational metrics for the security team.
• Engage in a shared on-call rotation for security incidents, with occasional evening or weekend availability for critical events.
Requirements
• 5+ years of experience in security engineering, detection engineering, incident response, or a related technical security role.
• Strong engineering fundamentals; ideally possessing a degree in computer science or engineering or equivalent industry experience (software engineering, SRE, network engineering).
• Proficient in Python, Go, or another general-purpose programming language.
• Practical experience with SIEM platforms (such as Panther, Splunk, Elastic, or similar) including writing detection rules, constructing log pipelines, and investigating alerts.
• Familiarity with EDR technologies (such as SentinelOne, CrowdStrike, or similar) and endpoint investigation practices.
• Understanding of cloud security fundamentals (including AWS IAM, networking, and basic Kubernetes).
• Experience in incident response within production and/or corporate environments.
• Excellent written and verbal communication skills.
Benefits
• Competitive pay
• Substantial equity grants
• Healthcare insurance (Medical, Dental, and Vision) for you and your family
• 401k matching
• Monthly wellness and fitness allowances
• PTO plus paid holidays and unlimited sick leave
• Autonomy and flexibility with remote work