Detection & Response, Security Engineer
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Detection & Response Security Engineer at WorkOS building detection logic and improving incident response capabilities. Collaborating with the security team to drive threat detection and operational maturity.
Responsibilities:
- Build out our detection engineering capability. Design and implement detection logic across our SIEM, EDR, cloud security tools and identity systems. We want you to write detections as code — durable, tested, and version-controlled.
- Own security incident response. Lead and support security incident investigations using data analytics, log analysis, and system forensics across corporate and production environments. Build playbooks and runbooks for repeatable response.
- Extend detection into the product. Instrument additional application-level telemetry across the WorkOS platform to detect abuse patterns, anomalous authentication activity, and threats that target our customers' identities.
- Build tooling and automation. Develop scripts, integrations, and SOAR workflows to automate detection, enrichment, and response activities. We value engineering solutions over manual processes.
- Improve visibility and logging. Work with engineering and infrastructure teams to ensure the right logs are collected, normalized, and available. Identify gaps in monitoring coverage and close them.
- Partner with our MDR provider. Collaborate to validate detections, tune rules, and coordinate on incidents. Grow our internal capability over time while maintaining the partnership.
- Contribute to security operations maturity. Help build on-call rotation practices, tabletop exercises, post-incident reviews, and operational metrics for the security team.
- Participate in a shared on-call rotation for security incidents, with occasional evening or weekend availability for critical events.
Requirements:
- 5+ years of experience in security engineering, detection engineering, incident response, or a related technical security role.
- Strong engineering fundamentals; ideally a computer science or engineering degree or equivalent industry experience (software engineering, SRE, network engineering).
- Proficiency in Python, Go, or another general-purpose programming language.
- Hands-on experience with SIEM platforms (Panther, Splunk, Elastic, or similar) — writing detection rules, building log pipelines, and investigating alerts.
- Experience with EDR technologies (SentinelOne, CrowdStrike, or similar) and endpoint investigation.
- Familiarity with cloud security fundamentals (AWS IAM, networking, Kubernetes basics).
- Experience with incident response in production and/or corporate environments.
- Strong written and verbal communication skills.
Benefits:
- Competitive pay
- Substantial equity grants
- Healthcare insurance (Medical, Dental and Vision) for you and your family
- 401k matching
- Wellness and fitness monthly allowances
- PTO + paid holidays + unlimited sick leave
- Autonomy and flexibility with remote work
Similar Jobs
AI Security & Controls Lead
AI Security & Controls Lead enabling secure AI adoption and evaluating AI-specific security controls. Collaborating with engineering and information security to manage AI risks effectively.
Senior Project Consultant – Security
Senior Project Consultant delivering Microsoft security solutions for mid-market and enterprise clients. Leading technical execution for identity-centric security and compliance projects with a customer-centric approach.
Senior Cyber Security Engineer
Senior Cyber Security Engineer for GE Vernova's Wind portfolio, leading cybersecurity initiatives and vulnerability assessments. Collaborating on designs and audits to enhance product security posture.
Product Security Engineer
Product Security Engineer focusing on secure development and security testing at WorkOS. Collaborating with engineering teams to protect users' data and identities.
Senior Cybersecurity Manager – Offensive Security
Leading offensive security capabilities at Home Depot, driving operational excellence across threat intelligence and investigations. Mentoring teams and establishing strategic roadmaps for cybersecurity objectives.
Security Guard
Unarmed Security Guard conducting patrols and monitoring access at cemetery grounds in Dixon, CA. Ensuring safety and security during funeral services and special events.
Cyber Security Specialist, CMMC Compliance
Cyber Security Specialist focusing on achieving CMMC 2.0 compliance in aerospace & defense. Leading security efforts and managing compliance documentation across IT and OT environments.
Information Security Engineer
Information Security Engineer safeguarding systems in a dynamic financial-services environment. Collaborating with cross-functional teams to improve security and compliance efforts.
Project Manager – Compliance Security Assessments
Project Manager driving compliance and security assessments for technology enterprises. Collaborating with cross-functional teams in managing security compliance and project execution.
Information Security Engineer – Endpoint Security Engineering
Information Security Engineer handling endpoint security within global operations. Leading remediation processes and collaborating with IT security tooling to ensure global endpoint security health.
Cybersecurity Threat and Preparedness Expert
Cybersecurity Threat and Preparedness Expert role at TDI focusing on evaluating cybersecurity preparedness and response strategies through hypothetical incident scenarios.
Senior Product Security Engineer – Automation
Senior Product Security Engineer at Red Hat developing automation tools for security processes. Collaborating with teams to enhance security capabilities across products, addressing new risks and vulnerabilities.
Ingeniero en Ciberseguridad Senior
Senior Cybersecurity Engineer supporting software projects in a challenging environment for financial sector clients. Requires deep knowledge in cybersecurity management and agile methodologies.
Security Specialist
Security Specialist responsible for monitoring transactions and investigating suspicious activities for CoinPoker's innovative crypto-poker platform. Collaborating with teams to ensure compliance and integrity of operations.
Senior Information Security Engineer – Endpoint Security Engineering
Senior Information Security Engineer focusing on endpoint security engineering at JLL. Developing processes for agent health and leading remediation activities to enhance cybersecurity.
Senior Application Security Architect
Designing and assessing security solutions in software projects. Collaborating with teams to ensure security is integral to the development lifecycle at WEX.
Research Assistant – Software Security, Program Analysis
Research Assistant in Software Security at Fraunhofer Institute, focusing on applied research projects in software security. Collaborating with academic and industry partners to enhance software security methods.
Director, Information and Cybersecurity
Director leading Information Security and cybersecurity initiatives for Office Depot. Responsible for policy development and team management in a global IT environment.
Analista Junior de Seguridad de la Información
Junior Information Security Analyst monitoring alerts and managing vulnerabilities in a structured environment. Engaging in practical experience and enhancing technical foundations remotely.
Senior Security Consultant
Microsoft Senior Security Consultant responsible for implementing Microsoft's security solutions for clients. Working with clients to design and integrate threat protection and compliance solutions.