Expert Detection and Response Engineer (Remote)
Activision · Irvine, CA · 3 days ago
On-siteEngineering$124k–$229k/yrFull-time
About the role
The Expert Detection and Response Engineer plays a crucial role in protecting Activision's players, studios, platforms, and enterprise environments from advanced cyber threats. This role involves actively identifying, investigating, and responding to security incidents across various environments.
Responsibilities
- Detect, investigate, and respond to security incidents across cloud, corporate, and production environments.
- Monitor and analyze security telemetry and audit logs to identify anomalous activity, unauthorized access, and emerging threats.
- Perform alert triage, in-depth investigation, and forensic analysis across the full incident lifecycle.
- Develop, refine, and tune threat detections within the SIEM based on real-world attacker behavior.
- Enhance investigation and response efficiency through automation, SOAR workflows, scripting, and advanced analytics.
- Contribute to TDIR procedures, playbooks, runbooks, documentation, and operational metrics.
- Collaborate closely with engineering teams, business stakeholders, and vendors during active investigations and response efforts.
- Participate in an on-call rotation and provide off-hours support for critical incidents and material security events.
- Communicate investigation findings clearly and effectively to technical teams and leadership.
Requirements
- Bachelor’s degree in computer science, Information Security, or equivalent practical experience.
- 10+ years of progressively accountable security experience, with a demonstrated track record of independent, expert-level judgment in incident response.
- Hands-on experience in threat detection, security operations, and incident response, with active involvement across the full incident lifecycle.
- Strong understanding of the modern threat landscape, attacker tactics, techniques, and procedures.
- Proven ability to detect, triage, investigate, and respond to security incidents in enterprise environments.
- Experience performing detailed log analysis, correlation, and investigative triage.
- Strong written and verbal communication skills, with the ability to clearly articulate incident findings and response actions.
- Ability to work independently and collaboratively within the TDIR team and with technical and business stakeholders.
- Willingness to participate in an on-call rotation and provide off-hours support for critical security incidents.
- Hands-on experience with security monitoring platforms such as SIEM and EDR, including building or significantly extending detection content.
- Scripting or programming experience (e.g., Python, PowerShell, KQL) to support detection, investigation, or response automation.
- Strong host- and network-based forensic skills, including timeline reconstruction and root cause analysis.
- Working knowledge of how LLMs are applied to security operations (alert enrichment, auto-triage, summarization).
- Fluency in English.
Preferred Qualifications
- 12+ years of relevant IT and security experience, including prior leadership or mentorship of less-senior analysts.
- Hands-on malware analysis experience using static and dynamic techniques.
- Experience implementing or operating SOAR platforms and security automation.
- Hands-on experience building or integrating AI-assisted triage into a SOC workflow.
- Familiarity with emerging threat models for AI-augmented security tooling, such as prompt injection and verdict poisoning via analyzed artifacts.
- Understanding foundational security best practices, including system and network hardening.
- Experience interfacing effectively with leadership, engineering teams, and external vendors.
- Demonstrated engagement with the cybersecurity community or strong evidence of self-driven learning and professional contribution.