Skip to content
WHOOPWHOOPBoston, MA

Security Detection Engineer

Design and scale high-fidelity detection capabilities across cloud, identity, endpoint, and application environments to protect biometric and health data. Requires 4+ years in security detection or operations with strong scripting and detection tuning experience.

Salary not listed
On-site4+ YOESecurity Engineering

About the role

Responsibilities

  • Design, build, and scale high-signal detections across cloud, identity, endpoint, network, and application layers using Detection-as-Code principles.
  • Develop and maintain detection logic aligned to real-world attacker behavior and frameworks such as MITRE ATT&CK across modern security platforms.
  • Translate threat intelligence into actionable detections and validate effectiveness through adversary emulation and testing.
  • Build behavioral detections to protect against threats such as account takeover, credential abuse, API misuse, automation attacks, privilege escalation, and data exfiltration.
  • Continuously improve detection quality by tuning alerts, reducing false positives, and implementing automated enrichment and triage.
  • Define and track detection KPIs (e.g., precision, recall, false positive rate, MTTD) and implement processes to measure and improve detection health.
  • Support and lead incident investigations, including containment, root cause analysis, and post-incident detection improvements.
  • Contribute to the on-call rotation while proactively reducing operational overhead through automation.
  • Partner with Engineering, IT, Infrastructure, Product, and GRC to ensure systems launch with strong monitoring and detection coverage.
  • Map detections to threat models, identify visibility gaps, and continuously improve coverage as the environment scales.
  • Explore and apply advanced analytics and machine learning techniques to improve detection fidelity, reduce noise, and enhance triage and investigation workflows.
  • Stay ahead of evolving threats by researching emerging attack techniques and incorporating learnings into detection strategy.

Requirements

  • 4+ years of hands-on experience in Information Security, with a focus on detection engineering, threat detection, or security operations.
  • Demonstrated experience writing and tuning detections across cloud, identity, endpoint, or application environments.
  • Familiarity with detection frameworks and tooling such as YARA, SIGMA, Suricata, or similar rule-based detection methodologies.
  • Strong understanding of attacker techniques across identity compromise, cloud abuse, lateral movement, and data exfiltration.
  • Expertise analyzing and building detections on cloud and SaaS telemetry, including authentication events, API activity, and system logs.
  • Strong scripting skills in a scripting language such as Python, Go, or PowerShell for automation and tool development.
  • Ability to operate effectively in a fast-paced, high-growth environment.
  • Strong analytical mindset with a systems-thinking approach to reducing noise and increasing signal fidelity.
  • Experience supporting incident response investigations and participating in on-call rotations.

Nice-to-Haves

  • Experience building detective controls for consumer-facing platforms or detecting authentication and API abuse at scale.
  • Familiarity with applying data analysis or machine learning techniques to security detection or alert triage.
  • Bachelor’s degree in Computer Science, Information Security, or a related technical field, and/or relevant security certifications.

Skills

PythonGoPowerShellYaraSigmaSuricataMitre Att&CkCloud SecurityIdentity SecurityIncident Response
Forus

Security Program Manager

ForusNew York, NY

Own end-to-end compliance programs (SOC 2, HIPAA, HITRUST), build customer trust function, implement automation, and partner with engineering on controls for a healthcare AI platform handling protected health information.

Salary not listed
On-site4+ YOESecurity Engineering
Anthropic

Safeguards Enforcement Analyst, Account Takeover & Credential Abuse

AnthropicSan Francisco, CA +2

Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.

245k – 285k/yr
HybridSecurity Engineering
Zocdoc

Application Security Engineer

ZocdocUnited States

Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.

100k – 140k/yr
RemoteSecurity Engineering
Cloudflare

Detection & Mitigation Engineer

CloudflareUnited States

Security Detections Engineer identifying attacker TTPs, building real-time detections, and mitigating threats/abuse across Cloudflare's global platform using data analysis, SQL, scripting, and threat intelligence. Requires strong analytical and communication skills.

Salary not listed
HybridSecurity Engineering
Mintlify

Security & Compliance Operations Manager

MintlifySan Francisco, CA

Own and run Mintlify's end-to-end security and compliance programs (SOC 2, ISO 27001/42001, GDPR, Microsoft SSPA) as the first dedicated GRC Program Manager. Administer Drata, manage audits/vendors/evidence, handle customer-facing compliance, and coordinate with engineering.

120k – 180k/yr
On-site3+ YOESecurity Engineering