Jobs · Engineering · California

Expert Detection and Response Engineer (Remote)

Activision · Irvine, CA · 3 days ago
On-siteEngineering$124k–$229k/yrFull-time

About the role

The Expert Detection and Response Engineer plays a crucial role in protecting Activision's players, studios, platforms, and enterprise environments from advanced cyber threats. This role involves actively identifying, investigating, and responding to security incidents across various environments.

Responsibilities

  • Detect, investigate, and respond to security incidents across cloud, corporate, and production environments.
  • Monitor and analyze security telemetry and audit logs to identify anomalous activity, unauthorized access, and emerging threats.
  • Perform alert triage, in-depth investigation, and forensic analysis across the full incident lifecycle.
  • Develop, refine, and tune threat detections within the SIEM based on real-world attacker behavior.
  • Enhance investigation and response efficiency through automation, SOAR workflows, scripting, and advanced analytics.
  • Contribute to TDIR procedures, playbooks, runbooks, documentation, and operational metrics.
  • Collaborate closely with engineering teams, business stakeholders, and vendors during active investigations and response efforts.
  • Participate in an on-call rotation and provide off-hours support for critical incidents and material security events.
  • Communicate investigation findings clearly and effectively to technical teams and leadership.

Requirements

  • Bachelor’s degree in computer science, Information Security, or equivalent practical experience.
  • 10+ years of progressively accountable security experience, with a demonstrated track record of independent, expert-level judgment in incident response.
  • Hands-on experience in threat detection, security operations, and incident response, with active involvement across the full incident lifecycle.
  • Strong understanding of the modern threat landscape, attacker tactics, techniques, and procedures.
  • Proven ability to detect, triage, investigate, and respond to security incidents in enterprise environments.
  • Experience performing detailed log analysis, correlation, and investigative triage.
  • Strong written and verbal communication skills, with the ability to clearly articulate incident findings and response actions.
  • Ability to work independently and collaboratively within the TDIR team and with technical and business stakeholders.
  • Willingness to participate in an on-call rotation and provide off-hours support for critical security incidents.
  • Hands-on experience with security monitoring platforms such as SIEM and EDR, including building or significantly extending detection content.
  • Scripting or programming experience (e.g., Python, PowerShell, KQL) to support detection, investigation, or response automation.
  • Strong host- and network-based forensic skills, including timeline reconstruction and root cause analysis.
  • Working knowledge of how LLMs are applied to security operations (alert enrichment, auto-triage, summarization).
  • Fluency in English.

Preferred Qualifications

  • 12+ years of relevant IT and security experience, including prior leadership or mentorship of less-senior analysts.
  • Hands-on malware analysis experience using static and dynamic techniques.
  • Experience implementing or operating SOAR platforms and security automation.
  • Hands-on experience building or integrating AI-assisted triage into a SOC workflow.
  • Familiarity with emerging threat models for AI-augmented security tooling, such as prompt injection and verdict poisoning via analyzed artifacts.
  • Understanding foundational security best practices, including system and network hardening.
  • Experience interfacing effectively with leadership, engineering teams, and external vendors.
  • Demonstrated engagement with the cybersecurity community or strong evidence of self-driven learning and professional contribution.

Similar jobs