Member of Technical Staff, SecOps & Threat Detection Engineer
Staff Security Engineer owning threat detection, SIEM architecture, and security operations for cloud, apps, and endpoints. Requires 6+ years in security/SRE/infra engineering with experience building detection-as-code, endpoint monitoring (SentinelOne), and driving MTTD/MTTR improvements in AWS environments.
265k – 310k
On-site7+ YOESecurity Engineering
About the role
Responsibilities
Own the design and evolution of our threat detection and security operations capability.
Define detection strategy across cloud infrastructure, applications, and endpoints.
Establish and improve our SIEM and monitoring architecture, including signal quality, coverage, and scalability.
Design and implement detection-as-code practices, setting standards for how detection logic is built, tested, and maintained.
Drive visibility across all critical assets, ensuring endpoints, services, and identities are consistently monitored.
Take ownership of endpoint security monitoring (e.g., SentinelOne), including integration into centralized detection workflows.
Lead the design and rollout of automated security controls, including secrets rotation for high-risk systems.
Define alerting strategy, including severity models, escalation paths, and on-call expectations.
Lead investigations into complex or ambiguous security signals, setting the standard for root cause analysis and response.
Partner with engineering teams to improve instrumentation and ensure systems emit high-quality security signals.
Define and track key metrics such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), and drive measurable improvements.
Mentor and guide other engineers, raising the overall capability of the team in detection and security operations.
Requirements
6+ years of experience in Security Engineering, SRE, or Infrastructure Engineering with a strong security focus.
Proven experience designing or significantly improving security monitoring, detection, or SIEM systems.
Strong understanding of cloud environments (ideally AWS), including IAM, networking, and logging at scale.
Experience working with endpoint detection and response tools such as SentinelOne or similar.
Deep experience working with logs, events, and telemetry to build meaningful, high-signal detections.
Strong programming or scripting skills (Python, Go, or similar), with a focus on automation and system design.
A strong understanding of attacker behavior and the ability to translate threats into detection strategies.
Experience defining alerting models and reducing noise while maintaining strong coverage.
Ability to operate in ambiguous environments and define structure where none exists.
Strong cross-functional communication skills, with the ability to influence engineering and leadership.
A pragmatic, outcome-oriented mindset focused on reducing real risk and improving operational effectiveness.
Nice-to-Haves
This is an L5 opportunity. Successful candidates typically come from staff or principal-level roles and are recognized for establishing technical direction, leading large-scale initiatives, and shaping engineering strategy across organizations.
Skills
SIEMAWSSentinelonePythonGoThreat DetectionSecurity MonitoringDetection As CodeEndpoint DetectionIAMLoggingAutomation
Build and operate AI-powered fraud/abuse detection systems defending Replit's platform from phishing, cryptomining, account takeover, and LLM abuse. Requires 8+ years in security/anti-abuse, Python/TypeScript, SQL at scale, and ML/LLM classifier experience.
250k – 315k
Hybrid8+ YOESecurity Engineering
Staff Software Engineer, Risk
ReplitFoster City, CA
Build and operate AI-powered abuse detection systems that defend Replit's platform from phishing, cryptomining, LLM token farming, and other attacks. Own end-to-end detection, investigation, and automated response across millions of daily actions.
250k – 315k
Hybrid8+ YOESecurity Engineering
Staff Software Engineer, Trust & Safety
ReplitFoster City, CA
Build and operate AI-powered abuse detection systems at Replit to combat phishing, cryptomining, prompt injection, and other platform abuse at scale. Requires 8+ years in security/anti-abuse and strong Python/TypeScript + SQL skills.
250k – 315k
Hybrid8+ YOESecurity Engineering
Staff Incident Responder
FluidstackSan Francisco, CA +1
Senior-most incident commander building and operating Fluidstack's Detection & Response Engineering program. Defines runbooks, leads material incidents across IT/OT/physical surfaces, and sets standards for agent-first IR at scale.
250k – 350k
On-siteSecurity Engineering
Staff Product Security Engineer
CrusoeSan Francisco, CA
Leads advanced penetration testing, red team operations, and AI/ML security research to secure applications, infrastructure, and distributed AI systems including LLMs and Kubernetes environments. Requires 8-10 years offensive security experience and strong software engineering in Go/Python/Rust.