Member of Technical Staff, SecOps & Threat Detection Engineer
About the role
We are building a proactive, engineering-led security function focused on threat detection, visibility, and automation. This role is responsible for defining how we detect, monitor, and respond to threats across our infrastructure, applications, and endpoints.
Responsibilities
- Own the design and evolution of our threat detection and security operations capability
- Define detection strategy across cloud infrastructure, applications, and endpoints
- Establish and improve our SIEM and monitoring architecture, including signal quality, coverage, and scalability
- Design and implement detection-as-code practices, setting standards for how detection logic is built, tested, and maintained
- Ensure full visibility into our environment, ensuring endpoints, services, and identities are consistently monitored
- Take ownership of endpoint security monitoring (e.g., SentinelOne), including integration into centralized detection workflows
- Lead the design and rollout of automated security controls, including secrets rotation for high-risk systems
- Define alerting strategy, including severity models, escalation paths, and on-call expectations
- Lead investigations into complex or ambiguous security signals, setting the standard for root cause analysis and response
- Partner with engineering teams to improve instrumentation and ensure systems emit high-quality security signals
- Define and track key metrics such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), and drive measurable improvements
- Mentor and guide other engineers, raising the overall capability of the team in detection and security operations
Requirements
You have 6+ years of experience in Security Engineering, SRE, or Infrastructure Engineering with a strong security focus. Proven experience designing or significantly improving security monitoring, detection, or SIEM systems. Strong understanding of cloud environments (ideally AWS), including IAM, networking, and logging at scale. Experience working with endpoint detection and response tools such as SentinelOne or similar. Deep experience working with logs, events, and telemetry to build meaningful, high-signal detections. Strong programming or scripting skills (Python, Go, or similar), with a focus on automation and system design. A strong understanding of attacker behavior and the ability to translate threats into detection strategies. Experience defining alerting models and reducing noise while maintaining strong coverage. Ability to operate in ambiguous environments and define structure where none exists. Strong cross-functional communication skills, with the ability to influence engineering and leadership. A pragmatic, outcome-oriented mindset focused on reducing real risk and improving operational effectiveness.