Security Software Engineer II, Detection and Response

What you'll do

• Build alerts and automation workflows to improve capabilities to detect and response to external and internal security threats
• Manage our logging pipelines and infrastructure and onboard new logging sources to improve our detection coverage
• Develop and maintain internal tooling to expand and automate team detection and response capabilities
• Respond to alerts generated from our tooling and run incidents as part of an on-call rotation
• Collaborate with cross team partners
• Hunt for previously undetected threats in our environment
• Leverage AI to streamline and enhance the efficiency, accuracy, and coverage of security engineering.

What we’re looking for

• Bachelor’s degree in Computer Science, Cybersecurity or, a related field or equivalent experience
• Strong knowledge of intrusion detection and incident response with an engineering focus in a modern cloud first environment
• Knowledge of the attacker lifecycle, common attack and detection techniques
• Hands on experience with writing SIEM queries for alerting, response, and threat hunting
• Experience consuming threat intel and applying it to improve detection capabilities
• Familiarity with using multiple sources of telemetry for threat investigations: Eg. EDR, Osquery, Firewall logs
• Understanding of networking technologies and/or network security, basic TCP/IP network fundamentals
• Depth in ideally MacOS internals, or alternatively in Linux/UNIX or Windows internals, persistence mechanisms, privilege escalation techniques
• Scripting or automation experience (e.g., Python, Go, Ruby) for tool development or integration
• Demonstrated ability to use AI to improve speed and quality in your day-to-day workflow for relevant outputs.
• Strong track record of critical evaluation and verification of AI-assisted work (e.g., testing, source-checking, data validation, peer review).