
Security Engineer, Detection & Response

Location: United States, New York · Employment contract · 237600.00 - 297000.00 USD / Year · Job Posted May 04, 2026

Job Description

We are seeking a Senior Security Engineer with a specialty in Detection and Incident Response to join our Security Engineering team. This role sits at the intersection of security operations and software engineering — you won't just investigate incidents, you'll build the systems that detect, contain, and prevent them. You will design and ship high-precision detections across cloud services and enterprise SaaS, develop automation that shortens response timelines, and mature the telemetry pipelines that make it all possible. Your ability to write production-quality code is just as important as your ability to triage an alert.

Job Responsibility

  • Engineer, test, and deploy detection logic across cloud and enterprise environments, treating detections as software with version control, peer review, and measurable performance
  • Build and maintain incident response automation, runbooks, and tooling that reduce containment timelines without sacrificing developer velocity
  • Mature telemetry pipelines through improved schema design, normalization, enrichment, and quality checks that reduce false positives and increase signal fidelity
  • Perform digital incident investigations to identify and contain potential security breaches
  • Conduct digital forensics and malware analysis to understand attack vectors and adversary methodologies
  • Integrate alerting with messaging and ticketing systems to enable fast, traceable response workflows
  • Partner cross-functionally with IT, security, and engineering teams to harden identity and access patterns, close logging and forensics gaps, and implement maintainable guardrails that scale with the organization
  • Utilize threat intelligence platforms to improve hunting, detection, and response workflows
  • Clearly explain the significance and impact of incidents, providing actionable recommendations to both technical and non-technical stakeholders

Requirements

  • 5+ years of experience in Detection Engineering, Incident Response, or Security Operations, with a strong emphasis on building and shipping security tooling and automation
  • Proficiency in at least one programming language (e.g., Python, Go) and comfort writing production-grade code — not just scripts
  • Hands-on experience designing or improving detection pipelines, SIEM content, and alerting workflows in cloud-native environments
  • Practical experience with SIEM, EDR, and SOAR tools, with a preference for candidates who have built integrations or extended these platforms programmatically
  • Strong understanding of modern cyber threats, common attack techniques, and adversary TTPs
  • Familiarity with digital forensics tools and malware analysis techniques
  • Experience with cloud-native environments (e.g., AWS, GCP, Azure) and the security telemetry those environments generate
  • Exposure to threat intelligence platforms and integrating intel into detection and investigation workflows
  • Strong communication skills, with the ability to translate complex security findings into clear business impact
  • Relevant security certifications (e.g., GCIH, GCFA, GCIA, CISSP, GDSA) are a plus

Nice to have

Relevant security certifications (e.g., GCIH, GCFA, GCIA, CISSP, GDSA) are a plus

What we offer

  • Comprehensive health, dental and vision coverage
  • Retirement benefits
  • Learning and development stipend
  • Generous PTO
  • Commuter stipend

Similar Jobs for Security Engineer, Detection & Response (8 matching positions)

Security Engineer (Detection & Response)

As a Security Engineer, you will take on a key responsibility to improve the Sec...
Location: Philippines, Manila
Salary: Not provided
Company: HelloFresh
Expiration Date: Until further notice
Requirements
  • A minimum of 2 years of experience working in mature SOC environments
  • Security monitoring and incident response experience in public cloud environments such as AWS
  • Experience with cloud SIEM & SOAR platforms, DDoS mitigation and preventing tools and Layer-7 Web-based perimeter security controls
  • Understanding of network intrusion methods, network containment, segregation techniques and technologies such as Sandboxes and Intrusion Detection/Prevention Systems (ID/PS)
  • Ability to operate EDR, EPP and Device Management solutions as per best security practices
  • Decent programming skills to enable data processing, IaC and security automations
  • Good communication and reporting skills
  • Experience with log analysis stacks like ElasticSearch, Splunk/SumoLogic
  • Open to working on-call in rotational shifts
Job Responsibility
  • Responsible for SOC monitoring, use-case building, triage and advisory using cloud-native SIEM platforms
  • Conduct initial triage of security events and incidents and document progress throughout the Incident Response Lifecycle
  • Automate, optimize, and operate modern security solutions like EDR/EPPs and conventional Firewalls, IDS/IPS, Email Security, VPN, and MDM tools
  • Leverage premium and open-source threat intel feeds to regularly sweep environments against rising APT campaigns
  • Prepare status reports and follow up with the stakeholders through Jira and Incident Mgmt. Platform to close the remediation loop
  • Facilitate efficient Incident Detection and Response in AWS cloud and enterprise IT environments
What we offer
  • Competitive Compensation
  • Long Service Benefits (anniversary bonus)
  • Mental health support
  • HMO medical coverage
  • Generous leave benefits
  • Life insurance
  • Annual learning & development budget
  • Access to the 360 Learning platform
  • Dynamic Environment
  • Work-Life Balance
  • Fulltime

Detection & Response Security Engineer, Intern

Meta Security is looking for Security Engineer Interns with experience in Incide...
Location: United Kingdom, London
Salary: Not provided
Company: Meta
Expiration Date: Until further notice
Requirements
  • Currently has, or is in the process, of obtaining a Bachelor's degree or equivalent experience in Computer Science or related field
  • Experience analyzing network and host-based security events
  • Knowledge of networking technologies, specifically TCP/IP and the related protocols
  • Knowledge of operating systems, file systems, and memory structures on Windows, MacOS and Linux
  • Coding/scripting experience in one or more general purpose languages
  • Experience with attacker tactics, techniques, and procedures
  • Must obtain work authorization in country of employment at the time of hire, and maintain ongoing work authorization during employment
  • Intent to return to full-time degree program after completion of the internship
Job Responsibility
  • Triage security alerts and support incident response in a cross-functional environment, driving incident resolution for internal and external threats
  • Work on cross-functional projects to improve our capabilities to effectively detect and respond to security incidents
  • Analyze and hunt for attacker techniques (through log analysis from various sources such as host and network logs) to identify potential threats and detection ideas
  • Develop actions and workflows in our automation systems to improve the alert triage process (Python, SQL)
  • Perform TTP-based Threat Modeling for a wide variety of assets including endpoints, mobile, servers, internal services, public & private cloud environments and networking equipment
  • Design and implement attack testing automation to validate detection coverage
  • Track threat clusters posing threats to Meta’s infrastructure and employees
  • Improve the tooling of threat cluster tracking and intelligence data integration to existing systems and various intelligence feeds

Security Engineer, Detection and Response

As a Security Engineer on Detection & Response, you’ll help protect OpenAI’s mos...
Location: United States, San Francisco; Seattle; New York City
Salary: 293000.00 - 385000.00 USD / Year
Company: OpenAI
Expiration Date: Until further notice
Requirements
  • Have hands-on threat detection and/or incident response experience, including building detections, running investigations, and improving operational playbooks
  • Understand modern adversary tradecraft (TTPs) and can translate it into practical detection strategies and response actions
  • Bring a threat modeling mindset
  • Have experience working in Kubernetes/containerized environments
  • Are comfortable reasoning about lower-level infrastructure and datacenter risks
  • Have experience across major cloud platforms (Azure, AWS, GCP, OCI)
  • Like building automation that replaces repetitive D&R work
  • Are energized by new problem areas at a forward-leaning technology company
  • Communicate clearly and collaborate well across teams
  • Are comfortable with scripting and enjoy using AI/agent tooling to accelerate investigations and automation
Job Responsibility
  • Build and evolve Detection & Response capabilities across OpenAI’s infrastructure, products, and research environments
  • Engineer detection pipelines and tooling: develop rule lifecycle management, measurement/quality loops, tuning processes, and safe rollout patterns
  • Automate response and investigations by building workflows that reduce toil
  • Partner with other Security teams and system/infrastructure owners across the company to ensure new systems ship with the right telemetry, threat models, and response playbooks
  • Define D&R requirements and drive visibility across endpoints, identity, SaaS, cloud, Kubernetes
  • Evaluate and respond to emergent security concerns in a frontier AI lab environment
What we offer
  • Offers Equity
  • Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
  • 401(k) retirement plan with employer match
  • Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
  • Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
  • 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time
  • Mental health and wellness support
  • Employer-paid basic life and disability coverage
  • Annual learning and development stipend to fuel your professional growth
  • Fulltime

Security Engineer, Detection and Response

As a Security Engineer on Detection & Response, you’ll help protect OpenAI’s mos...
Location: Australia; Japan; Singapore, Sydney; Tokyo; Singapore
Salary: Not provided
Company: OpenAI
Expiration Date: Until further notice
Requirements
  • Have hands-on threat detection and/or incident response experience, including building detections, running investigations, and improving operational playbooks
  • Understand modern adversary tradecraft (TTPs) and can translate it into practical detection strategies and response actions
  • Bring a threat modeling mindset. You can evaluate new infrastructure or features, identify D&R implications (what could go wrong, what we’d need to see, how we’d respond), and turn that into concrete requirements for teams shipping the system
  • Have experience working in Kubernetes/containerized environments, including building detections from cluster telemetry and understanding common failure and attack modes (workloads, nodes, control plane, networking)
  • Are comfortable reasoning about lower-level infrastructure and datacenter risks, such as firmware/BMC surfaces, network segmentation/telemetry, and hard-to-observe control paths
  • Have experience across major cloud platforms (Azure, AWS, GCP, OCI), and can design cloud-agnostic detection approaches where possible
  • Like building automation that replaces repetitive D&R work, including thoughtfully using agent-style workflows where they meaningfully reduce toil, while keeping outcomes measurable, auditable, and safe
  • Are energized by new problem areas at a forward-leaning technology company: e.g., thinking through how to detect and respond to agents operating across systems at scale, and turning those ideas into pragmatic telemetry and response requirements
  • Communicate clearly and collaborate well across teams. You can translate D&R needs into clear requirements, align stakeholders, and drive follow-through across technical and non-technical audiences
  • Are comfortable with scripting and enjoy using AI/agent tooling to accelerate investigations and automation—more “directing” than doing everything by hand
Job Responsibility
  • Build and evolve Detection & Response capabilities across OpenAI’s infrastructure, products, and research environments, with an emphasis on high-signal detection and reliable operational response
  • Engineer detection pipelines and tooling: develop rule lifecycle management, measurement/quality loops (coverage, precision, latency), tuning processes, and safe rollout patterns
  • Automate response and investigations by building workflows that reduce toil (triage, enrichment, containment, evidence capture) and improve time-to-understand/time-to-contain
  • Partner with other Security teams and system/infrastructure owners across the company to ensure new systems ship with the right telemetry, threat models, and response playbooks from day one
  • Define D&R requirements and drive visibility across endpoints, identity, SaaS, cloud, Kubernetes: identify telemetry/control gaps, prioritize them, and advocate for fixes with partner teams (and implement directly when it’s the fastest/most effective path)
  • Evaluate and respond to emergent security concerns in a frontier AI lab environment, such as detection and response strategies for agents operating across infrastructure at scale
  • Fulltime

Security Engineer, Detection and Response

As a Security Engineer on Detection & Response, you’ll help protect OpenAI’s mos...
Location: United Kingdom; Ireland, London; Dublin
Salary: Not provided
Company: OpenAI
Expiration Date: Until further notice
Requirements
  • Have hands-on threat detection and/or incident response experience, including building detections, running investigations, and improving operational playbooks
  • Understand modern adversary tradecraft (TTPs) and can translate it into practical detection strategies and response actions
  • Bring a threat modeling mindset. You can evaluate new infrastructure or features, identify D&R implications and turn that into concrete requirements
  • Have experience working in Kubernetes/containerized environments, including building detections from cluster telemetry and understanding common failure and attack modes
  • Are comfortable reasoning about lower-level infrastructure and datacenter risks, such as firmware/BMC surfaces, network segmentation/telemetry, and hard-to-observe control paths
  • Have experience across major cloud platforms (Azure, AWS, GCP, OCI), and can design cloud-agnostic detection approaches where possible
  • Like building automation that replaces repetitive D&R work
  • Are energized by new problem areas at a forward-leaning technology company
  • Communicate clearly and collaborate well across teams
  • Are comfortable with scripting and enjoy using AI/agent tooling to accelerate investigations and automation
Job Responsibility
  • Build and evolve Detection & Response capabilities across OpenAI’s infrastructure, products, and research environments
  • Engineer detection pipelines and tooling: develop rule lifecycle management, measurement/quality loops, tuning processes, and safe rollout patterns
  • Automate response and investigations by building workflows that reduce toil and improve time-to-understand/time-to-contain
  • Partner with other Security teams and system/infrastructure owners to ensure new systems ship with the right telemetry, threat models, and response playbooks
  • Define D&R requirements and drive visibility across endpoints, identity, SaaS, cloud, Kubernetes
  • Evaluate and respond to emergent security concerns in a frontier AI lab environment
  • Fulltime

Senior Security Engineer, Detection and Response

As a Senior Security Engineer on the Detection & Response team, you will play a ...
Location: United States; Canada
Salary: 156000.00 - 210000.00 USD; CAD / Year
Company: 1Password
Expiration Date: Until further notice
Requirements
  • 5+ years of experience in security technical engineering roles
  • 3+ years focused on security operations, detection engineering or incident response
  • Hands-on experience with detection engineering and automation, including SIEMs, SOAR platforms, behavior analytics, and Detection-as-Code workflows
  • Strong understanding of modern attacker techniques and how they apply to cloud-native, SaaS, and identity-centric environments
  • Experience with endpoint, runtime, and forensic tools across multiple operating systems
  • Knowledge of cloud environments (e.g., AWS, GCP) and security best practices for cloud-native systems
  • Proficiency with scripting and infrastructure tools (e.g., Python, Bash, Terraform, CI/CD pipelines) to support automation and internal tooling
  • Strong written and verbal communication skills, with the ability to explain complex security issues to both technical and non-technical audiences
Job Responsibility
  • Design, build, and continuously improve threat detections across 1Password’s infrastructure, products, internal tools, and corporate environments
  • Lead and support security incident response activities, including investigation, containment, remediation, and post-incident learning
  • Apply threat intelligence and knowledge of attacker TTPs to detection development, threat hunting, alert triage, and response prioritization
  • Collaborate with Security, Infrastructure, and IT teams to improve security visibility, logging quality, and response readiness
  • Use automation, scripting, and Detection-as-Code practices to scale detection and response workflows and improve reliability
  • Own end-to-end security projects aligned with Detection & Response initiatives and broader security strategy
  • Participate in a shared on-call rotation and support high-severity incidents as needed
  • Contribute to operational maturity through playbooks, mentoring, tabletop exercises, audits, and cross-functional initiatives
What we offer
  • Health benefits
  • Dental benefits
  • 401k
  • RRSP
  • Generous PTO
  • Equity grant
  • Incentive programs
  • Maternity and parental leave top-up programs
  • RSU program for most employees
  • Retirement matching program
  • Fulltime

Security Operations Engineer, Detection and Response Team

Notion is looking for a talented Security Engineer with solid communication and ...
Location: Ireland, Dublin
Salary: Not provided
Company: Notion
Expiration Date: Until further notice
Requirements
  • 5+ years of experience in security detection, response, or related fields
  • Strong ability to write, tune, and optimize detections across various platforms (e.g., EDR, SIEM, network monitoring)
  • Proficiency in scripting and automation (Python, Go, or similar) to enhance detection and response capabilities
  • Experience with detection rule development (Sigma, YARA, Splunk SPL, KQL) and security event correlation
  • Deep expertise in the incident response lifecycle, including investigation, containment, remediation, and recovery
  • Lead security incidents and command response efforts, ensuring rapid containment and mitigation—even in unfamiliar environments and across team boundaries
  • Lead post-incident learning, conducting blameless postmortems and driving follow-up actions that address systemic issues and prevent recurrence
  • Experience securing cloud-native environments (AWS, GCP, or Azure), including detection and response strategies for cloud workloads
  • Practical knowledge of detecting malicious activity in application and infrastructure architectures in a SaaS environment
  • Ability to assess security gaps and propose detection & response improvements across cloud and endpoint platforms
Job Responsibility
  • Design and implement advanced detections, automate security workflows, lead incident investigations, and conduct proactive threat hunts to identify and mitigate risks before they impact Notion
  • Lead detection engineering efforts, designing scalable, high-fidelity security detections across cloud, endpoint, and application environments
  • Develop automation & orchestration solutions to improve response and containment times and enhance security workflows
  • Own and drive incident response and command, leading major security incidents, containment, and remediation efforts
  • Conduct proactive threat hunting, leveraging threat intelligence and hypothesis-driven methodologies to detect hidden adversary activity
  • Reverse-engineer attacks, analyzing adversary behavior and developing robust detection strategies
  • Continuously improve security defenses, applying lessons learned from incidents, hunting exercises, and emerging threat trends
  • Fulltime

Security Engineer, Insider Threat Detection & Response

As a Security Engineer you will join our OpenAI engineers and researchers in bui...
Location: United States, San Francisco; Seattle; New York City
Salary: 230000.00 - 385000.00 USD / Year
Company: OpenAI
Expiration Date: Until further notice
Requirements
  • 5+ years experience working in a detection/response or insider-risk role
  • Broad familiarity with operating systems and platforms such as macOS, Windows, Linux, and Kubernetes, along with experience in cloud infrastructure
  • Knowledge of modern adversary tactics and attack paths, data exfiltration techniques, and have experience running and leading incidents
  • Proficiency with a scripting language (e.g. Python, Bash, PowerShell, or similar)
  • Independently manage and run projects, balance preventative controls with user friction, and prioritize efforts for risk reduction
  • Motivated by securing transformative technology and can adapt familiar security frameworks to new risks in AI infrastructure
Job Responsibility
  • Innovate on Detection and Response infrastructure to engineer and automate end-to-end detection and investigation workflows
  • Develop, measure, and tune detection rules to ensure effective and sustainable operations
  • Drive projects across OpenAI’s technology stack with a focus on insider threats, ranging from access abuse and intellectual property theft to novel risks emerging within AI infrastructure
  • Partner closely with cross-functional stakeholders, including HR, Legal, and peer investigative teams, providing technical expertise and evidence to support investigations
  • Collaborate on cutting-edge AI research, and use AI to improve OpenAI’s Security posture
What we offer
  • Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
  • 401(k) retirement plan with employer match
  • Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
  • Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
  • 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)
  • Mental health and wellness support
  • Employer-paid basic life and disability coverage
  • Annual learning and development stipend to fuel your professional growth
  • Daily meals in our offices, and meal delivery credits as eligible
  • Fulltime