
Principal Software Engineer, Security, Detection & Response
Posted 1 day ago

This is a fully remote position, open to applicants in Massachusetts.
• Establishing robust detection foundations and response frameworks to enhance HubSpot’s security posture.
• Leading the creation of automated detection systems and prioritizing mitigations according to current threats and coverage deficiencies.
• Collaborating closely with engineering teams to provide data for purple team exercises and implement effective solutions to mitigate risks.
• Steering architectural decisions for our corporate security logging infrastructure and Security Information and Event Management (SIEM) systems.
• Contributing code to security automations, evaluating designs for detection reliability, and offering technical mentorship to engineers.
• Serving as a primary point of contact for threat intelligence and incident response expertise.
• Assisting in incident response efforts by supporting investigations and analyzing bad actor behaviors.
• 10-15 years of experience in software development and information security, emphasizing detection engineering, threat intelligence, and incident response.
• Demonstrated expertise in designing and implementing automated detection systems and managing extensive security logging infrastructures (e.g., Splunk, SIEM).
• In-depth knowledge of endpoint and network detection (EDR/SASE) with practical experience using tools like CrowdStrike Falcon for investigation and response.
• Comprehensive understanding of incident response methodologies and frameworks such as NIST 800-61 and SANS, along with the capability to lead high-severity Critical Situations (CritSits).
• Proven experience in correlating various telemetry (identity, cloud, network) to detect post-entry behaviors and swiftly contain threats.
• Experience in managing and ingesting Indicators of Compromise (IOCs) and mapping adversary techniques to standards like STIX/TAXII.
• Exceptional communication skills, with the ability to convey complex threat landscapes to both technical and non-technical audiences.
• Relevant industry certifications (e.g., GCIH, GCFA, CISSP, or vendor-specific EDR certifications).
• Health insurance
• 401(k) matching
• Flexible work arrangements
• Paid time off
• Professional development opportunities
• Bonuses
• Stock options
• Equipment allowances