
Security Engineer - Detection Engineering, Surface Coverage

United States, Bellevue 122000.00 - 181000.00 USD / Year · Job Posted January 23, 2026

Job Description

Meta Security is looking for a Security Engineer with experience in threat modeling, TTP identification, and detection engineering. You’ll work alongside Software Engineers and Offensive Security Engineers to identify critical assets, assess the top risks, and evaluate potential attacks against Meta systems. You will be working across engineering teams supporting Production and Corporate systems to develop detection and response automation leveraging both industry-standard and custom detection and response platforms. You’ll generate detection ideas utilizing some of the world’s largest data sets and build on top of hyper-scale data pipelines.

Job Responsibility

  • Lead cross-functional projects to improve our functionalities to effectively detect and respond to security incidents
  • Review security architecture of large-scale custom and commercial systems and under your own initiative propose logging, detection and prevention controls
  • Perform TTP-based Threat Modeling for a wide variety of assets including endpoints, mobile, servers, internal services, public & private cloud environments and networking equipment
  • Perform analysis against logs from a variety of sources (e.g., individual host logs, network traffic logs) to identify potential threats and detection ideas
  • Build response workflows and actions that auto-resolve false positives and provide context scaling our capacity to investigate
  • Support security incident response in a cross-functional environment and drive incident resolution
  • Design and implement attack testing automation to validate detection coverage
  • Build logging pipelines using our custom datasets and infrastructure

Requirements

  • 2+ years of experience in Detection and Response Engineering or similar Security Engineering role
  • Bachelor's degree or equivalent experience in Cyber Security
  • Experience building complex automations and integrations using Security Orchestration, Automation and Response platforms
  • Experience designing systems used for responding to both external and insider threats
  • Experience analyzing network and host-based security events
  • Knowledge of networking technologies, specifically Transmission Control Protocol (TCP)/Internet Protocol (IP) and the related protocols
  • Knowledge of operating systems, file systems, and memory structures on Windows, MacOS and Linux
  • Coding/scripting experience in one or more general purpose languages
  • Experience with attacker tactics, techniques, and procedures

Nice to have

  • Experience in Detection & Response Engineering or similar Security Engineering role
  • Experience building complex automations and integrations using Security Orchestration, Automation and Response (SOAR) platforms
  • Background in security-focused software engineering, designing large scale systems and data pipelines, or offensive security
  • Experience in threat hunting, including leveraging intelligence data to proactively identify and iteratively investigate suspicious behavior across networks and systems
  • Broad knowledge across the Security domain, as well as thorough focus in one (or more) areas such as Logs and events processing, Incident Management, Digital Forensics, Offensive Security Testing, Detection and/or Response tooling development

What we offer

  • bonus
  • equity
  • benefits

Similar Jobs (8 matching positions)

Security Engineer, Detection and Response

As a Security Engineer on Detection & Response, you’ll help protect OpenAI’s mos...
Location: Australia; Japan; Singapore, Sydney; Tokyo; Singapore
Salary: Not provided
OpenAI
Expiration Date: Until further notice
Requirements
  • Have hands-on threat detection and/or incident response experience, including building detections, running investigations, and improving operational playbooks
  • Understand modern adversary tradecraft (TTPs) and can translate it into practical detection strategies and response actions
  • Bring a threat modeling mindset. You can evaluate new infrastructure or features, identify D&R implications (what could go wrong, what we’d need to see, how we’d respond), and turn that into concrete requirements for teams shipping the system
  • Have experience working in Kubernetes/containerized environments, including building detections from cluster telemetry and understanding common failure and attack modes (workloads, nodes, control plane, networking)
  • Are comfortable reasoning about lower-level infrastructure and datacenter risks, such as firmware/BMC surfaces, network segmentation/telemetry, and hard-to-observe control paths
  • Have experience across major cloud platforms (Azure, AWS, GCP, OCI), and can design cloud-agnostic detection approaches where possible
  • Like building automation that replaces repetitive D&R work, including thoughtfully using agent-style workflows where they meaningfully reduce toil, while keeping outcomes measurable, auditable, and safe
  • Are energized by new problem areas at a forward-leaning technology company: e.g., thinking through how to detect and respond to agents operating across systems at scale, and turning those ideas into pragmatic telemetry and response requirements
  • Communicate clearly and collaborate well across teams. You can translate D&R needs into clear requirements, align stakeholders, and drive follow-through across technical and non-technical audiences
  • Are comfortable with scripting and enjoy using AI/agent tooling to accelerate investigations and automation—more “directing” than doing everything by hand
Job Responsibility
  • Build and evolve Detection & Response capabilities across OpenAI’s infrastructure, products, and research environments, with an emphasis on high-signal detection and reliable operational response
  • Engineer detection pipelines and tooling: develop rule lifecycle management, measurement/quality loops (coverage, precision, latency), tuning processes, and safe rollout patterns
  • Automate response and investigations by building workflows that reduce toil (triage, enrichment, containment, evidence capture) and improve time-to-understand/time-to-contain
  • Partner with other Security teams and system/infrastructure owners across the company to ensure new systems ship with the right telemetry, threat models, and response playbooks from day one
  • Define D&R requirements and drive visibility across endpoints, identity, SaaS, cloud, Kubernetes: identify telemetry/control gaps, prioritize them, and advocate for fixes with partner teams (and implement directly when it’s the fastest/most effective path)
  • Evaluate and respond to emergent security concerns in a frontier AI lab environment, such as detection and response strategies for agents operating across infrastructure at scale
  • Fulltime

Senior Security Engineer, Threat Intelligence

As a Senior Security Engineer specializing in Threat Intelligence on the Detecti...
Location: United States; Canada
Salary: 156000.00 - 210000.00 USD; CAD / Year
1Password
Expiration Date: Until further notice
Requirements
  • 5+ years of experience in technical security engineering roles
  • 3+ years focused on threat intelligence
  • Strong understanding of modern attacker TTPs, including cloud-native, SaaS, identity-focused, and insider-adjacent threat patterns
  • Experience developing intelligence requirements, prioritization frameworks, analysis workflows, and emulation scenarios
  • Hands-on experience with scripting or automation (e.g., Python, APIs, SOAR workflows) to improve operational efficiency and cross-team execution
  • Ability to produce concise, high-quality written intelligence, including executive-level summaries
  • Familiarity with security telemetry, logs, and investigative workflows used by detection and response teams
  • Willingness to participate in an on-call rotation and support security incidents during high-severity or off-hours events
Job Responsibility
  • Research, track, and assess the threat landscape by analyzing relevant threat actors, campaigns, and behaviors affecting 1Password’s attack surface, identity systems, brand, third-party ecosystem, and insider risk scenarios
  • Analyze and prioritize information to develop actionable intelligence that informs detection coverage, hunting activities, and response readiness
  • Partner with Detection Engineering to design and validate threat-based detections, including through adversary emulation, simulation, or controlled testing
  • Use automation and scripting to improve how threat intelligence is collected, enriched, distributed, and actioned across Security workflows
  • Curate and deliver threat intelligence reporting for both technical teams and executive stakeholders
  • Build and maintain repeatable threat intelligence processes, workflows, and documentation that scale with the Detection & Response program
  • Participate directly in security operations by triaging alerts, supporting investigations, managing incidents, and contributing to post-incident learning
What we offer
  • Health benefits
  • Dental benefits
  • 401k/RRSP
  • Generous paid time off
  • Equity grant
  • Participation in incentive programs
  • Maternity and parental leave top-up programs
  • RSU program for most employees
  • Retirement matching program
  • Free 1Password account
  • Fulltime

Senior Security Engineer

The Infrastructure Security team at Scribd is responsible for protecting our app...
Location: United States, San Francisco; Atlanta; Austin; Boston; Chicago; Dallas; Denver; Houston; Jacksonville; Los Angeles; Miami; New York City; Phoenix; Portland; Sacramento; Salt Lake City; San Diego; Seattle; Washington, D.C.; Ottawa; Toronto; Vancouver; Mexico City
Salary: 119000.00 - 225500.00 USD / Year
Scribd
Expiration Date: Until further notice
Requirements
  • 4+ years of experience in security engineering, detection engineering, incident response, or an equivalent blend of software and security engineering
  • Hands-on experience designing or operating detection and response systems (not just responding to alerts)
  • Strong understanding of logging, telemetry, and signal design in modern cloud and application environments
  • Experience with SIEM technologies such as Splunk, Elasticsearch, Datadog, Chronicle, or similar platforms
  • Experience partnering with or operating alongside an MDR or SOC provider
  • Familiarity with threat detection and response frameworks (e.g., MITRE ATT&CK, Time-Based Security, NIST CSF)
  • Ability to write quality code or tooling in at least one backend language (preferably Python, Ruby, or Go)
  • Strong collaboration and communication skills, with the ability to influence engineers without formal authority
Job Responsibility
  • Design and operationalize detection capabilities
  • Own and evolve detection coverage across applications, APIs, cloud infrastructure, identity, and bot/abuse surfaces
  • Translate threat models and real incidents into high-confidence detection patterns
  • Partner with engineers to instrument high-quality, security-relevant telemetry at the application and platform layers
  • Operationalize and mature the SIEM
  • Lead enrichment, normalization, and correlation of logs into actionable security signals
  • Define detection standards and patterns to reduce noise and improve signal quality
  • Ensure telemetry supports both internal investigations and MDR-led monitoring
  • Improve response speed and quality
  • Reduce MTTD and MTTR through improved triage, automation, and contextual alerting
What we offer
  • Healthcare Insurance Coverage (Medical/Dental/Vision): 100% paid for employees
  • 12 weeks paid parental leave
  • Short-term/long-term disability plans
  • 401k/RSP matching
  • Onboarding stipend for home office peripherals + accessories
  • Learning & Development allowance
  • Learning & Development programs
  • Quarterly stipend for Wellness, WiFi, etc.
  • Mental Health support & resources
  • Free subscription to the Scribd Inc. suite of products
  • Fulltime

Security Engineer - IR Threat Intelligence

Meta Security is looking for a threat intelligence investigator with extensive e...
Location: United States, Bellevue
Salary: 154000.00 - 217000.00 USD / Year
Meta
Expiration Date: Until further notice
Requirements
  • 5+ years threat intelligence experience
  • Bachelor's degree or equivalent experience in Security
  • Familiarity with campaign tracking techniques and ability to convert the tracking results to long term countermeasures
  • Familiarity with threat modeling frameworks such as the Diamond Model and/or the MITRE ATT&CK framework
  • Experience with intelligence-driven hunting to spot suspicious activities in the network and identify potential risks
  • Proven track record of managing and executing on short term and long term projects
  • Ability to work with a team spanning multiple locations/time zones
  • Ability to prioritize and execute tasks with minimal direction or oversight
  • Ability to think critically and qualify assessments with solid communications skills
  • Coding or scripting experience in one or more scripting languages such as Python or PHP
Job Responsibility
  • Track threat clusters posing threats to Meta’s infrastructure and employees, and identify, develop and implement countermeasures on our corporate network
  • Investigate, mitigate, and forecast emerging technical trends and communicate effectively with actionable suggestions to different types of audiences
  • Work closely with incident responders to provide useful and timely intelligence to enrich ongoing investigations
  • Improve the tooling of threat cluster tracking and intelligence data integration to existing systems
  • Engage constructively in cross-functional projects to improve the security posture of Meta’s infrastructure, such as red team operations, surface detection coverage expansion and vulnerability management discussions
What we offer
  • bonus
  • equity
  • benefits

Principal Red Team Operator

The Operator, Red Team is a hands on offensive security practitioner responsible...
Location: United States, Iselin
Salary: 120000.00 - 210000.00 USD / Year
Citizens Bank
Expiration Date: Until further notice
Requirements
  • 4 to 8 years of hands on cybersecurity experience with a strong focus on Red Team operations, adversary emulation, or advanced offensive security
  • Demonstrated experience executing Red Team or Purple Team engagements in assumed breach or adversary based scenarios
  • Proven ability to design and execute attack paths rather than relying solely on automated tools or point in time testing
  • Strong technical capability across multiple attack surfaces, including identity and access attacks, endpoint and network exploitation, cloud and SaaS environments, and command and control frameworks
  • Understanding of campaign based red teaming and continuous testing approaches, including iterative and regression style validation
  • Working knowledge of AI security concepts, including how AI enabled systems, inputs, and workflows can be manipulated or abused
  • Ability to collaborate with Blue Team and Detection Engineering to translate offensive activity into improved detection and response capabilities
  • Strong operational discipline, including clear documentation, safe execution, and adherence to engagement constraints
  • Effective communication skills, with the ability to explain technical findings to security practitioners and cross functional partners
  • Demonstrated curiosity, adaptability, and ability to operate in rapidly evolving threat and technology environments
Job Responsibility
  • Execute Red Team and Purple Team engagements as a primary operator, including adversary emulation, assumed breach scenarios, and intelligence driven attack paths
  • Design and execute campaign based attack operations that simulate real world adversary behavior across enterprise environments
  • Perform hands on exploitation and abuse across on prem, cloud, SaaS, and hybrid infrastructures
  • Simulate advanced attacker tradecraft, including living off the land techniques, identity abuse, privilege escalation, lateral movement, persistence, command and control, and controlled data exfiltration
  • Conduct testing against AI enabled systems and workflows, including abuse and misuse of AI assistants, copilots, and automation platforms
  • Execute prompt manipulation, indirect prompt injection, and AI model misuse scenarios to evaluate emerging attack surfaces
  • Collaborate closely with Detection Engineering and Blue Team during Purple Team engagements to validate detections, identify coverage gaps, and refine response effectiveness
  • Translate offensive findings into actionable remediation insights and partner with stakeholders to ensure vulnerabilities are addressed and control effectiveness is improved
  • Contribute to full lifecycle execution of engagements, ensuring findings are tracked through resolution and result in measurable risk reduction
  • Leverage and extend red team tooling and frameworks and develop targeted scripts or payloads to emulate specific adversary behaviors
What we offer
  • Medical, dental and vision coverage
  • Retirement benefits
  • Maternity/paternity leave
  • Flexible work arrangements
  • Education reimbursement
  • Wellness programs
  • Fulltime

CSIRT Director

The CSIRT Director is a cybersecurity leader responsible for the complete owners...
Location: Canada, Montreal
Salary: Not provided
SITA
Expiration Date: Until further notice
Requirements
  • 15+ years of progressive experience in cybersecurity, with at least 7+ years in a senior leadership role with direct accountability for security operations.
  • 5+ years of direct experience managing large, geographically distributed Security Operations Centers (SOCs) — including multi-site, multi-shift, 24/7/365 operations.
  • Bachelor's degree in Computer Science, Information Systems, Information Security, or a related discipline, or equivalent professional experience.
  • Active professional certification in at least one of the following: CISSP, CISM, CISA, GIAC GSOM, GIAC GCIH, or equivalent.
  • Proven experience managing global teams across multiple time zones and cultures, with a track record of building cohesive, high-performing distributed teams, and demonstrated ownership of an Incident Response function and team.
  • Demonstrated ownership of two or more of the following functions: SOC, CTEM / Vulnerability Management, Cyber Threat Intelligence,
  • Strong command of the MITRE ATT&CK framework, NIST CSF, and incident response methodologies (SANS PICERL, NIST 800-61).
  • Executive-level communication skills — ability to translate complex technical threats into business risk language for CISO, C-suite, and Board audiences.
Job Responsibility
  • Continuous Threat Exposure Management (CTEM) - Directs the organization's proactive exposure reduction program. This includes attack surface management, vulnerability prioritization, red team / purple team program oversight, penetration testing governance, and the coordination of remediation workflows with IT and engineering stakeholders.
  • Cyber Threat Intelligence (CTI) - Commands the intelligence function responsible for producing finished, operationalized threat intelligence. This includes strategic intelligence briefings to CISO and Board, tactical intelligence feeds into detection platforms, threat actor tracking, sector-specific threat analysis (transportation/aviation/border security), and third-party intelligence partnerships.
  • Incident Response (IR) - Owns the full incident response lifecycle. Accountable for IR planning and playbook governance, crisis management and executive communication during significant incidents, forensic capability oversight, tabletop exercise program, regulatory breach notification coordination, and post-incident reviews (PIRs).
  • Security Operations (SecOps) Collaboration - Direct and optimize resources across global SOC locations (Montreal, Cairo, Singapore), ensuring consistent standards, 24/7/365 coverage through a follow‑the‑sun operating model, and resilient business continuity with defined failover capabilities. Drive collaboration and intelligence sharing across sites while managing MSSP and third‑party partners to ensure performance, accountability, and unified global operations.
  • Strategic Leadership & Governance - Define and lead a multi‑year global CSIRT strategy, serving as the single point of accountability for threat exposure, intelligence, and incident response while aligning capabilities to business risk and industry frameworks. Own executive reporting, budget planning, and the establishment of clear SLAs and KPIs to ensure a mature, scalable, and effective cybersecurity operations program.
  • People Leadership & Talent Development - Lead, develop, and retain a high‑performing global cybersecurity operations team across CTEM, CTI, and Incident Response, fostering an inclusive, high‑accountability culture that enables collaboration across regions and time zones. Establish clear career pathways, performance management, and succession planning while overseeing staffing models, shift coverage, and on‑call operations across all SOC locations.
  • Executive & Stakeholder Engagement - Act as the primary liaison to the CISO, delivering executive‑ and board‑level insights on security operations, threat posture, and incident response effectiveness. Partner cross‑functionally with architecture, engineering, GRC, legal, and IT teams, and represent CSIRT in audits, regulatory reviews, and customer security engagements.
What we offer
  • Work from home up to 2 days/week (depending on your team’s needs)
  • Flex Day: Make your workday suit your life and plans.
  • Flex Location: Take up to 30 days a year to work from any location in the world.
  • Employee Wellbeing: Employee Assistance Program (EAP) for you and your dependents 24/7, 365 days/year
  • Champion Health platform.
  • Professional Development: Access to world-class learning platforms including LinkedIn Learning, Microsoft's Enterprise Skills Initiative, Airport Council International, Pluralsight, Harvard Business Publishing, Stanford and many others.
  • Competitive Benefits: Competitive benefits that make sense with both your local market and employment status.
  • Fulltime

Senior Security Analyst

You will work as part of a 24/7 Global Security Operations Centre. The Senior SO...
Location: United Kingdom
Salary: Not provided
Admiral Group Plc
Expiration Date: Until further notice
Requirements
  • 3+ years’ experience as a Senior SOC Analyst within an internal SOC environment
  • Strong experience in a SOC environment, including handling high‑severity incidents
  • Deep understanding of attacker tradecraft across endpoint, identity, cloud, and email attack surfaces
  • Hands‑on experience with SIEM, EDR, and security investigation platforms
  • Proven threat hunting experience using dashboards, structured queries, and behavioural analytics
  • Experience tuning detections and implementing well‑governed exclusions without increasing risk
  • Ability to clearly document investigations, decisions, and outcomes
  • Experience using AI or machine‑learning features within security products
  • Familiarity with SOAR workflows and automation concepts
  • Knowledge of detection engineering concepts and use‑case lifecycle management
Job Responsibility
  • Act as senior escalation point for complex/high-severity alerts across SIEM, EDR, cloud and identity platforms
  • Lead end-to-end incident response (investigation, containment, eradication, and post-incident review)
  • Correlate alerts with threat intelligence and business context to assess risk and impact
  • Produce clear investigation summaries for technical and non-technical stakeholders
  • Collaborate closely with Incident Response during escalations
  • Use AI-enabled features across SOC tooling to accelerate analysis and investigations
  • Apply strong judgement to validate AI outputs and avoid automation bias
  • Provide feedback to improve tooling, workflows, and AI effectiveness
  • Support development of safe and consistent AI usage standards within the SOC
  • Conduct proactive threat hunting using queries, dashboards and behavioural analytics
What we offer
  • Up to £3,600 of free shares each year after one year of service
  • 33 days holiday (including bank holidays) increasing to up to 38 days
  • Option to buy or sell up to an additional five days of annual leave
  • Financial & Mortgage Advice
  • 24-Hour Ecare
  • Cycle to Work Scheme
  • Flexible Working
  • Simply Health
  • Private Health Cover
  • Critical Illness Cover
  • Fulltime

Researcher, Frontier Cybersecurity Risks

Location: United States, San Francisco
Salary: 295000.00 - 445000.00 USD / Year
OpenAI
Expiration Date: Until further notice
Requirements
  • Passion for AI safety
  • demonstrated experience in deep learning and transformer models
  • proficient with frameworks such as PyTorch or TensorFlow
  • strong foundation in data structures, algorithms, and software engineering principles
  • familiar with methods for training and fine-tuning large language models, including distillation, supervised fine-tuning, and policy optimization
  • excellent at working collaboratively with cross-functional teams across research, security, policy, product, and engineering
  • significant experience designing and deploying technical safeguards for abuse prevention, detection, and enforcement at scale
Job Responsibility
  • Design and implement mitigation components for model-enabled cybersecurity misuse—spanning prevention, monitoring, detection, and enforcement—under the guidance of senior technical and risk leadership
  • Integrate safeguards across product surfaces in partnership with product and engineering teams, helping ensure protections are consistent, low-latency, and scale with usage and new model capabilities
  • Evaluate technical trade-offs within the cybersecurity risk domain (coverage, latency, model utility, and user privacy) and propose pragmatic, testable solutions
  • Collaborate closely with risk and threat modeling partners to align mitigation design with anticipated attacker behaviors and high-impact misuse scenarios
  • Execute rigorous testing and red-teaming workflows, helping stress-test the mitigation stack against evolving threats (e.g., novel exploits, tool-use chains, automated attack workflows) and across different product surfaces—then iterate based on findings
What we offer
  • Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
  • 401(k) retirement plan with employer match
  • Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
  • Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
  • 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)
  • Mental health and wellness support
  • Employer-paid basic life and disability coverage
  • Annual learning and development stipend to fuel your professional growth
  • Daily meals in our offices, and meal delivery credits as eligible
  • Fulltime