CrawlJobs Logo

Security Operations Engineer, Detection and Response Team

Ireland, Dublin · Job Posted February 21, 2026
Apply Position
Job Link Share

Job Description

Notion is looking for a talented Security Engineer with solid communication and analytical skills to help us improve and optimize our security monitoring program. We are seeking someone with a mixture of technical ability, attention to detail, and who can function comfortably in a variety of cyber security disciplines. In addition to technical acumen and enthusiasm, we need a self-motivator to stay on top of emerging threats and vulnerabilities to Notion; providing a continuous proactive monitoring approach.

Job Responsibility

  • Design and implement advanced detections, automate security workflows, lead incident investigations, and conduct proactive threat hunts to identify and mitigate risks before they impact Notion
  • Lead detection engineering efforts, designing scalable, high-fidelity security detections across cloud, endpoint, and application environments
  • Develop automation & orchestration solutions to improve response and containment times and enhance security workflows
  • Own and drive incident response and command, leading major security incidents, containment, and remediation efforts
  • Conduct proactive threat hunting, leveraging threat intelligence and hypothesis-driven methodologies to detect hidden adversary activity
  • Reverse-engineer attacks, analyzing adversary behavior and developing robust detection strategies
  • Continuously improve security defenses, applying lessons learned from incidents, hunting exercises, and emerging threat trends

Requirements

  • 5+ years of experience in security detection, response, or related fields
  • Strong ability to write, tune, and optimize detections across various platforms (e.g., EDR, SIEM, network monitoring)
  • Proficiency in scripting and automation (Python, Go, or similar) to enhance detection and response capabilities
  • Experience with detection rule development (Sigma, YARA, Splunk SPL, KQL) and security event correlation
  • Deep expertise in the incident response lifecycle, including investigation, containment, remediation, and recovery
  • Lead security incidents and command response efforts, ensuring rapid containment and mitigation—even in unfamiliar environments and across team boundaries
  • Lead post-incident learning, conducting blameless postmortems and driving follow-up actions that address systemic issues and prevent recurrence
  • Experience securing cloud-native environments (AWS, GCP, or Azure), including detection and response strategies for cloud workloads
  • Practical knowledge of detecting malicious activity in application and infrastructure architectures in a SaaS environment
  • Ability to assess security gaps and propose detection & response improvements across cloud and endpoint platforms
  • Pragmatic and business-oriented: You focus on high-impact security efforts, balancing security investments with real-world risk
  • Not ideological about technology: You see technologies and programming languages as tools with tradeoffs—you’re opinionated but adaptable, always willing to learn new technologies
  • Empathetic communication: You clearly articulate complex security issues, whether in technical discussions or executive briefings. You engage thoughtfully in disagreements and find common ground when needed
  • Team player: You thrive in a team environment, collaborating cross-functionally to accomplish shared security goals. You care about mentorship, learning, and continuous improvement

Nice to have

  • Experience leading large-scale security initiatives or driving security automation programs
  • Background in red teaming, adversary emulation, or offensive security
  • Familiarity with application-level detections, such as database security monitoring, detecting malicious queries, or abnormal application behavior
  • Familiarity with security compliance standards (SOC 2, ISO 27001), though not a primary focus
  • Involvement in the security community, such as conference presentations or open-source contributions

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Security Operations Engineer, Detection and Response Team

8 matching positions

Security Engineer, Detection and Response

As a Security Engineer on Detection & Response, you’ll help protect OpenAI’s mos...
Location
Location
United States , San Francisco; Seattle; New York City
Salary
Salary:
293000.00 - 385000.00 USD / Year
openai.com Logo
OpenAI
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Have hands-on threat detection and/or incident response experience, including building detections, running investigations, and improving operational playbooks
  • Understand modern adversary tradecraft (TTPs) and can translate it into practical detection strategies and response actions
  • Bring a threat modeling mindset
  • Have experience working in Kubernetes/containerized environments
  • Are comfortable reasoning about lower-level infrastructure and datacenter risks
  • Have experience across major cloud platforms (Azure, AWS, GCP, OCI)
  • Like building automation that replaces repetitive D&R work
  • Are energized by new problem areas at a forward-leaning technology company
  • Communicate clearly and collaborate well across teams
  • Are comfortable with scripting and enjoy using AI/agent tooling to accelerate investigations and automation
Job Responsibility
Job Responsibility
  • Build and evolve Detection & Response capabilities across OpenAI’s infrastructure, products, and research environments
  • Engineer detection pipelines and tooling: develop rule lifecycle management, measurement/quality loops, tuning processes, and safe rollout patterns
  • Automate response and investigations by building workflows that reduce toil
  • Partner with other Security teams and system/infrastructure owners across the company to ensure new systems ship with the right telemetry, threat models, and response playbooks
  • Define D&R requirements and drive visibility across endpoints, identity, SaaS, cloud, Kubernetes
  • Evaluate and respond to emergent security concerns in a frontier AI lab environment
What we offer
What we offer
  • Offers Equity
  • Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
  • 401(k) retirement plan with employer match
  • Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
  • Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
  • 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time
  • Mental health and wellness support
  • Employer-paid basic life and disability coverage
  • Annual learning and development stipend to fuel your professional growth
  • Fulltime
Read More
Arrow Right

Security Engineer, Detection and Response

As a Security Engineer on Detection & Response, you’ll help protect OpenAI’s mos...
Location
Location
Australia; Japan; Singapore , Sydney; Tokyo; Singapore
Salary
Salary:
Not provided
openai.com Logo
OpenAI
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Have hands-on threat detection and/or incident response experience, including building detections, running investigations, and improving operational playbooks
  • Understand modern adversary tradecraft (TTPs) and can translate it into practical detection strategies and response actions
  • Bring a threat modeling mindset. You can evaluate new infrastructure or features, identify D&R implications (what could go wrong, what we’d need to see, how we’d respond), and turn that into concrete requirements for teams shipping the system
  • Have experience working in Kubernetes/containerized environments, including building detections from cluster telemetry and understanding common failure and attack modes (workloads, nodes, control plane, networking)
  • Are comfortable reasoning about lower-level infrastructure and datacenter risks, such as firmware/BMC surfaces, network segmentation/telemetry, and hard-to-observe control paths
  • Have experience across major cloud platforms (Azure, AWS, GCP, OCI), and can design cloud-agnostic detection approaches where possible
  • Like building automation that replaces repetitive D&R work, including thoughtfully using agent-style workflows where they meaningfully reduce toil, while keeping outcomes measurable, auditable, and safe
  • Are energized by new problem areas at a forward-leaning technology company: e.g., thinking through how to detect and respond to agents operating across systems at scale, and turning those ideas into pragmatic telemetry and response requirements
  • Communicate clearly and collaborate well across teams. You can translate D&R needs into clear requirements, align stakeholders, and drive follow-through across technical and non-technical audiences
  • Are comfortable with scripting and enjoy using AI/agent tooling to accelerate investigations and automation—more “directing” than doing everything by hand
Job Responsibility
Job Responsibility
  • Build and evolve Detection & Response capabilities across OpenAI’s infrastructure, products, and research environments, with an emphasis on high-signal detection and reliable operational response
  • Engineer detection pipelines and tooling: develop rule lifecycle management, measurement/quality loops (coverage, precision, latency), tuning processes, and safe rollout patterns
  • Automate response and investigations by building workflows that reduce toil (triage, enrichment, containment, evidence capture) and improve time-to-understand/time-to-contain
  • Partner with other Security teams and system/infrastructure owners across the company to ensure new systems ship with the right telemetry, threat models, and response playbooks from day one
  • Define D&R requirements and drive visibility across endpoints, identity, SaaS, cloud, Kubernetes: identify telemetry/control gaps, prioritize them, and advocate for fixes with partner teams (and implement directly when it’s the fastest/most effective path)
  • Evaluate and respond to emergent security concerns in a frontier AI lab environment, such as detection and response strategies for agents operating across infrastructure at scale
  • Fulltime
Read More
Arrow Right

Security Engineer, Detection and Response

As a Security Engineer on Detection & Response, you’ll help protect OpenAI’s mos...
Location
Location
United Kingdom; Ireland , London; Dublin
Salary
Salary:
Not provided
openai.com Logo
OpenAI
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Have hands-on threat detection and/or incident response experience, including building detections, running investigations, and improving operational playbooks
  • Understand modern adversary tradecraft (TTPs) and can translate it into practical detection strategies and response actions
  • Bring a threat modeling mindset. You can evaluate new infrastructure or features, identify D&R implications and turn that into concrete requirements
  • Have experience working in Kubernetes/containerized environments, including building detections from cluster telemetry and understanding common failure and attack modes
  • Are comfortable reasoning about lower-level infrastructure and datacenter risks, such as firmware/BMC surfaces, network segmentation/telemetry, and hard-to-observe control paths
  • Have experience across major cloud platforms (Azure, AWS, GCP, OCI), and can design cloud-agnostic detection approaches where possible
  • Like building automation that replaces repetitive D&R work
  • Are energized by new problem areas at a forward-leaning technology company
  • Communicate clearly and collaborate well across teams
  • Are comfortable with scripting and enjoy using AI/agent tooling to accelerate investigations and automation
Job Responsibility
Job Responsibility
  • Build and evolve Detection & Response capabilities across OpenAI’s infrastructure, products, and research environments
  • Engineer detection pipelines and tooling: develop rule lifecycle management, measurement/quality loops, tuning processes, and safe rollout patterns
  • Automate response and investigations by building workflows that reduce toil and improve time-to-understand/time-to-contain
  • Partner with other Security teams and system/infrastructure owners to ensure new systems ship with the right telemetry, threat models, and response playbooks
  • Define D&R requirements and drive visibility across endpoints, identity, SaaS, cloud, Kubernetes
  • Evaluate and respond to emergent security concerns in a frontier AI lab environment
  • Fulltime
Read More
Arrow Right

Senior Security Engineer, Detection and Response

As a Senior Security Engineer on the Detection & Response team, you will play a ...
Location
Location
United States; Canada
Salary
Salary:
156000.00 - 210000.00 USD; CAD / Year
https://www.1password.com Logo
1Password
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in security technical engineering roles
  • 3+ years focused on security operations, detection engineering or incident response
  • Hands-on experience with detection engineering and automation, including SIEMs, SOAR platforms, behavior analytics, and Detection-as-Code workflows
  • Strong understanding of modern attacker techniques and how they apply to cloud-native, SaaS, and identity-centric environments
  • Experience with endpoint, runtime, and forensic tools across multiple operating systems
  • Knowledge of cloud environments (e.g., AWS, GCP) and security best practices for cloud-native systems
  • Proficiency with scripting and infrastructure tools (e.g., Python, Bash, Terraform, CI/CD pipelines) to support automation and internal tooling
  • Strong written and verbal communication skills, with the ability to explain complex security issues to both technical and non-technical audiences
Job Responsibility
Job Responsibility
  • Design, build, and continuously improve threat detections across 1Password’s infrastructure, products, internal tools, and corporate environments
  • Lead and support security incident response activities, including investigation, containment, remediation, and post-incident learning
  • Apply threat intelligence and knowledge of attacker TTPs to detection development, threat hunting, alert triage, and response prioritization
  • Collaborate with Security, Infrastructure, and IT teams to improve security visibility, logging quality, and response readiness
  • Use automation, scripting, and Detection-as-Code practices to scale detection and response workflows and improve reliability
  • Own end-to-end security projects aligned with Detection & Response initiatives and broader security strategy
  • Participate in a shared on-call rotation and support high-severity incidents as needed
  • Contribute to operational maturity through playbooks, mentoring, tabletop exercises, audits, and cross-functional initiatives
What we offer
What we offer
  • Health benefits
  • Dental benefits
  • 401k
  • RRSP
  • Generous PTO
  • Equity grant
  • Incentive programs
  • Maternity and parental leave top-up programs
  • RSU program for most employees
  • Retirement matching program
  • Fulltime
Read More
Arrow Right

Security Engineer, Detection & Response

We are seeking a Senior Security Engineer with a specialty in Detection and Inci...
Location
Location
United States , New York; San Francisco; Seattle; Washington
Salary
Salary:
237600.00 - 297000.00 USD / Year
scale.com Logo
Scale
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in Detection Engineering, Incident Response, or Security Operations, with a strong emphasis on building and shipping security tooling and automation
  • Proficiency in at least one programming language (e.g., Python, Go) and comfort writing production-grade code — not just scripts
  • Hands-on experience designing or improving detection pipelines, SIEM content, and alerting workflows in cloud-native environments
  • Practical experience with SIEM, EDR, and SOAR tools, with a preference for candidates who have built integrations or extended these platforms programmatically
  • Strong understanding of modern cyber threats, common attack techniques, and adversary TTPs
  • Familiarity with digital forensics tools and malware analysis techniques
  • Experience with cloud-native environments (e.g., AWS, GCP, Azure) and the security telemetry those environments generate
  • Exposure to threat intelligence platforms and integrating intel into detection and investigation workflows
  • Strong communication skills, with the ability to translate complex security findings into clear business impact
  • Relevant security certifications (e.g., GCIH, GCFA, GCIA, CISSP, GDSA) are a plus
Job Responsibility
Job Responsibility
  • Engineer, test, and deploy detection logic across cloud and enterprise environments, treating detections as software with version control, peer review, and measurable performance
  • Build and maintain incident response automation, runbooks, and tooling that reduce containment timelines without sacrificing developer velocity
  • Mature telemetry pipelines through improved schema design, normalization, enrichment, and quality checks that reduce false positives and increase signal fidelity
  • Perform digital incident investigations to identify and contain potential security breaches
  • Conduct digital forensics and malware analysis to understand attack vectors and adversary methodologies
  • Integrate alerting with messaging and ticketing systems to enable fast, traceable response workflows
  • Partner cross-functionally with IT, security, and engineering teams to harden identity and access patterns, close logging and forensics gaps, and implement maintainable guardrails that scale with the organization
  • Utilize threat intelligence platforms to improve hunting, detection, and response workflows
  • Clearly explain the significance and impact of incidents, providing actionable recommendations to both technical and non-technical stakeholders
What we offer
What we offer
  • Comprehensive health, dental and vision coverage
  • retirement benefits
  • learning and development stipend
  • generous PTO
  • commuter stipend
  • Fulltime
Read More
Arrow Right

Senior Detection and Response Engineer

We are looking for a Senior Detection and Response Engineer to help protect the ...
Location
Location
Spain , Barcelona
Salary
Salary:
Not provided
activision.com Logo
Activision
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • BS in computer science or related field or equivalent experience
  • Extensive experience in security operations, threat detection engineering or incident response
  • Experience using AI/ML techniques in security operations (alert enrichment, behavioral analytics, anomaly detection, automated investigations)
  • Strong understanding of the modern threat landscape, common tactics and attacker techniques
  • Experience working with security monitoring platforms (SIEM, EDR or similar)
  • Scripting or programming skills (Python, PowerShell or similar) to automate security workflows
  • Strong written and verbal communication skills, and an ability to collaborate across teams
  • Fluent in English
  • Experience implementing or operating SOAR platforms
  • Must be willing to participate in the on-call rotation
Job Responsibility
Job Responsibility
  • Detect, investigate and respond to security incidents across cloud, corporate and production environments
  • Design and improve detection capabilities and incident response workflows
  • Develop automation through SOAR platforms and scripting
  • Enhance alert triage and investigations using AI/ML-driven security analytics
  • Collaborate with engineering teams to improve security visibility and response capabilities
  • Share knowledge through internal documentation, playbooks and team collaboration
  • Participate in an on-call rotation for incident response
Read More
Arrow Right

Staff Detection and Response Engineer

Healthcare needs a better rhythm: one that keeps care continuous and deeply huma...
Location
Location
Australia , Sydney
Salary
Salary:
Not provided
heidihealth.com Logo
Heidi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Owns detection and response outcomes end-to-end, including prioritisation and roadmap decisions
  • Strong domain understanding of attacker behaviour, audit logging, and detection trade-offs (coverage vs noise)
  • Comfortable building systems and workflows that scale (detection-as-code, automation, reliable operations)
  • Can work independently during incidents, coordinate across teams, and drive follow-up improvements
  • Clear communicator who can translate technical findings into priorities and preventative work
  • Senior/staff-level capability, expressed as autonomy, depth, and ability to scale impact
Job Responsibility
Job Responsibility
  • Build and maintain high-signal detections across cloud, infrastructure, and application layers
  • Improve logging and audit coverage: what we collect, how we normalise it, how long we retain it, and how we query it
  • Develop response automation: playbooks, orchestration, and repeatable containment and remediation steps
  • Improve investigative workflows for incidents: evidence handling, timelines, and actionable learnings
  • Partner with platform and application teams to add the right security telemetry and abuse signals
  • Run threat hunting cycles that generate concrete improvements to detections and controls
  • Contribute to the wider security program by closing the loop between incidents, threat models, detection coverage, and preventative controls
What we offer
What we offer
  • Flexible hybrid working environment, with 3 days in the office
  • A generous personal development budget of $500 per annum
  • Learn from some of the best engineers and creatives, joining a diverse team
  • Become an owner, with shares (equity) in the company
  • The rare chance to create a global impact as you immerse yourself in one of Australia’s leading healthtech startups
  • If you have an impact quickly, the opportunity to fast track your startup career
  • Fulltime
Read More
Arrow Right

Staff Detection and Response Engineer

The Staff Detection and Response Engineer is a critical technical role responsib...
Location
Location
India
Salary
Salary:
Not provided
alpha-sense.com Logo
AlphaSense
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years in security operations with 3+ years in detection engineering, including deep expertise in creating high-fidelity rules (SIGMA, YARA-L, KQL, SPL)
  • Proven track record of building detection strategies across SIEM, EDR, and Cloud platforms, grounded in the MITRE ATT&CK framework
  • Expert knowledge of SOAR platforms (e.g., Tines, Splunk SOAR, Cortex XSOAR), architecture, and complex playbook development
  • Proven experience designing and implementing SOAR platform architecture from concept to production
  • Advanced scripting and automation development skills in Python (required) for API integrations and security tool orchestration
  • Strong background in threat hunting methodology, hypothesis development, and campaign execution, with experience leading or co-leading hunting programs
  • Proficiency with data analysis, anomaly detection, and hands-on experience with hunting tools like Jupyter Notebooks, Osquery, and Velociraptor
  • Deep understanding of attack techniques, lateral movement, persistence mechanisms, and post-exploitation TTPs across Windows, Linux, and macOS
  • Familiarity with security frameworks including MITRE ATT&CK, PICERL, NIST CSF, and Detection Maturity Models, and incident response best practices
  • Proven ability to lead technical initiatives, mentor team members, and communicate complex technical concepts to diverse audiences
Job Responsibility
Job Responsibility
  • Design, implement, and maintain advanced detection rules and correlation logic across SIEM , EDR, and Cloud platforms (AWS, GCP)
  • Lead detection strategy and architecture aligned with the Detection Quality frameworks
  • Write high-fidelity detection rules using languages like SIGMA and YARA-L
  • Conduct deep log source analysis, perform threat modeling, adversary emulation, and maintain MITRE ATT&CK mapping coverage
  • Conduct detection gap analysis to identify coverage opportunities across the kill chain
  • Create and maintain detection playbooks, runbooks, and comprehensive documentation
  • Perform detection quality assessments and continuous improvement initiatives
  • Develop complex automated response playbooks for multi-stage incidents spanning multiple security tools
  • Integrate security tools via APIs (SIEM, EDR, MDM, CASB, ITSM, threat intelligence platforms)
  • Create automated enrichment pipelines incorporating threat intelligence, asset context, and user behavior analytics
Read More
Arrow Right