Skip to content
EnvoyEnvoySan Francisco, CA

Member of Technical Staff, SecOps & Threat Detection Engineer

Staff Security Engineer owning threat detection, SIEM architecture, and security operations for cloud, apps, and endpoints. Requires 6+ years in security/SRE/infra engineering with experience building detection-as-code, endpoint monitoring (SentinelOne), and driving MTTD/MTTR improvements in AWS environments.

265k – 310k
On-site7+ YOESecurity Engineering

About the role

Responsibilities

  • Own the design and evolution of our threat detection and security operations capability.
  • Define detection strategy across cloud infrastructure, applications, and endpoints.
  • Establish and improve our SIEM and monitoring architecture, including signal quality, coverage, and scalability.
  • Design and implement detection-as-code practices, setting standards for how detection logic is built, tested, and maintained.
  • Drive visibility across all critical assets, ensuring endpoints, services, and identities are consistently monitored.
  • Take ownership of endpoint security monitoring (e.g., SentinelOne), including integration into centralized detection workflows.
  • Lead the design and rollout of automated security controls, including secrets rotation for high-risk systems.
  • Define alerting strategy, including severity models, escalation paths, and on-call expectations.
  • Lead investigations into complex or ambiguous security signals, setting the standard for root cause analysis and response.
  • Partner with engineering teams to improve instrumentation and ensure systems emit high-quality security signals.
  • Define and track key metrics such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), and drive measurable improvements.
  • Mentor and guide other engineers, raising the overall capability of the team in detection and security operations.

Requirements

  • 6+ years of experience in Security Engineering, SRE, or Infrastructure Engineering with a strong security focus.
  • Proven experience designing or significantly improving security monitoring, detection, or SIEM systems.
  • Strong understanding of cloud environments (ideally AWS), including IAM, networking, and logging at scale.
  • Experience working with endpoint detection and response tools such as SentinelOne or similar.
  • Deep experience working with logs, events, and telemetry to build meaningful, high-signal detections.
  • Strong programming or scripting skills (Python, Go, or similar), with a focus on automation and system design.
  • A strong understanding of attacker behavior and the ability to translate threats into detection strategies.
  • Experience defining alerting models and reducing noise while maintaining strong coverage.
  • Ability to operate in ambiguous environments and define structure where none exists.
  • Strong cross-functional communication skills, with the ability to influence engineering and leadership.
  • A pragmatic, outcome-oriented mindset focused on reducing real risk and improving operational effectiveness.

Nice-to-Haves

  • This is an L5 opportunity. Successful candidates typically come from staff or principal-level roles and are recognized for establishing technical direction, leading large-scale initiatives, and shaping engineering strategy across organizations.

Skills

SIEMAWSSentinelonePythonGoThreat DetectionSecurity MonitoringDetection As CodeEndpoint DetectionIAMLoggingAutomation
Replit

Staff Software Engineer, Fraud

ReplitFoster City, CA

Build and operate AI-powered fraud/abuse detection systems defending Replit's platform from phishing, cryptomining, account takeover, and LLM abuse. Requires 8+ years in security/anti-abuse, Python/TypeScript, SQL at scale, and ML/LLM classifier experience.

250k – 315k
Hybrid8+ YOESecurity Engineering
Replit

Staff Software Engineer, Risk

ReplitFoster City, CA

Build and operate AI-powered abuse detection systems that defend Replit's platform from phishing, cryptomining, LLM token farming, and other attacks. Own end-to-end detection, investigation, and automated response across millions of daily actions.

250k – 315k
Hybrid8+ YOESecurity Engineering
Replit

Staff Software Engineer, Trust & Safety

ReplitFoster City, CA

Build and operate AI-powered abuse detection systems at Replit to combat phishing, cryptomining, prompt injection, and other platform abuse at scale. Requires 8+ years in security/anti-abuse and strong Python/TypeScript + SQL skills.

250k – 315k
Hybrid8+ YOESecurity Engineering
Fluidstack

Staff Incident Responder

FluidstackSan Francisco, CA +1

Senior-most incident commander building and operating Fluidstack's Detection & Response Engineering program. Defines runbooks, leads material incidents across IT/OT/physical surfaces, and sets standards for agent-first IR at scale.

250k – 350k
On-siteSecurity Engineering
Crusoe

Staff Product Security Engineer

CrusoeSan Francisco, CA

Leads advanced penetration testing, red team operations, and AI/ML security research to secure applications, infrastructure, and distributed AI systems including LLMs and Kubernetes environments. Requires 8-10 years offensive security experience and strong software engineering in Go/Python/Rust.

250k – 285k
On-site8+ YOESecurity Engineering