Security Engineer, Detection & Response
About the role
We are seeking a Senior Security Engineer with a specialty in Detection and Incident Response to join our Security Engineering team. This role sits at the intersection of security operations and software engineering — you won't just investigate incidents, you'll build the systems that detect, contain, and prevent them.
Responsibilities
- Engineer, test, and deploy detection logic across cloud and enterprise environments, treating detections as software with version control, peer review, and measurable performance.
- Build and maintain incident response automation, runbooks, and tooling that reduce containment timelines without sacrificing developer velocity.
- Mature telemetry pipelines through improved schema design, normalization, enrichment, and quality checks that reduce false positives and increase signal fidelity.
- Perform digital incident investigations to identify and contain potential security breaches.
- Conduct digital forensics and malware analysis to understand attack vectors and adversary methodologies.
- Integrate alerting with messaging and ticketing systems to enable fast, traceable response workflows.
- Partner cross-functionally with IT, security, and engineering teams to harden identity and access patterns, close logging and forensics gaps, and implement maintainable guardrails that scale with the organization.
- Utilize threat intelligence platforms to improve hunting, detection, and response workflows.
- Clearly explain the significance and impact of incidents, providing actionable recommendations to both technical and non-technical stakeholders.
Requirements
You will have:
- 5+ years of experience in Detection Engineering, Incident Response, or Security Operations, with a strong emphasis on building and shipping security tooling and automation.
- Proficiency in at least one programming language (e.g., Python, Go) and comfort writing production-grade code — not just scripts.
- Hands-on experience designing or improving detection pipelines, SIEM content, and alerting workflows in cloud-native environments.
- Practical experience with SIEM, EDR, and SOAR tools, with a preference for candidates who have built integrations or extended these platforms programmatically.
- A strong understanding of modern cyber threats, common attack techniques, and adversary TTPs.
- Familiarity with digital forensics tools and malware analysis techniques.
- Experience with cloud-native environments (e.g., AWS, GCP, Azure) and the security telemetry those environments generate.
- Exposure to threat intelligence platforms and integrating intel into detection and investigation workflows.
- Strong communication skills, with the ability to translate complex security findings into clear business impact.
Qualifications
Relevant security certifications (e.g., GCIH, GCFA, GCIA, CISSP, GDSA) are a plus.
Benefits
Compensation packages at Scale for eligible roles include base salary, equity, and benefits. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position and may be inclusive of several career levels at Scale; it will be determined during the interview process based on work location and additional factors, including job-related skills, experience, qualifications, interview performance, and relevant education or training. Scale employees in eligible roles are also granted equity based compensation, subject to Board of Director approval. Your recruiter can share more about the specific salary range for your preferred location during the hiring process, and confirm whether the hired role will be eligible for equity grant.
Pay
Please reference the job posting's subtitle for where this position will be located. For pay transparency purposes, the base salary range for this full-time position in the locations of San Francisco, New York, Seattle is: $237,600—$297,000 USD.
Schedule
This role is full-time.
Skills
The ideal candidate will have:
- Experience with cloud-native environments (e.g., AWS, GCP, Azure).
- Experience with SIEM, EDR, and SOAR tools.
- Experience with threat intelligence platforms.
- Experience with digital forensics tools and malware analysis techniques.
- Experience with scripting languages (e.g., Python, Go).
- Experience with version control systems (e.g., Git).
- Experience with cloud-based security solutions (e.g., AWS Security Hub, Azure Sentinel).
- Experience with incident response and forensics.
- Experience with automation and orchestration tools (e.g., Ansible, Terraform).
- Experience with data modeling and normalization.
- Experience with threat hunting and detection.
- Experience with cloud-based security solutions (e.g., AWS Security Hub, Azure Sentinel).
- Experience with security architecture and design.
- Experience with security compliance and auditing.
- Experience with security policy and governance.
- Experience with security operations and incident response.
- Experience with security testing and vulnerability management.
- Experience with security awareness and training.
- Experience with security metrics and analytics.
- Experience with security risk assessment and management.
- Experience with security research and development.
- Experience with security standards and frameworks (e.g., NIST, CIS, OWASP).
- Experience with security tools and technologies (e.g., Splunk, ELK Stack, LogRhythm, QRadar, Darktrace, Phantom, Cortex XSOAR).
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security training and education.
- Experience with security