Aircall

Senior Security Engineer, Detection & Response

full-time

Location Type: Hybrid

Location: Seattle • Washington • 🇺🇸 United States

Salary

💰 $165,000 - $210,000 per year

Job Level

Senior

Tech Stack

Ansible, AWS, Azure, Cloud, ElasticSearch, Go, Google Cloud Platform, Python, Splunk, Terraform

About the role

  • Lead end-to-end development of detection logic: from threat modeling and hypothesis to writing, testing, tuning, and deploying detection rules and alerts across log, host, network, and cloud telemetry.
  • Build detection pipelines, orchestration, triage logic, and automation for alert handling and response (e.g. SOAR, playbooks).
  • Conduct threat hunts proactively in corporate and production environments, discovering anomalies and attacker behaviors before they escalate.
  • Lead incident response: investigate, contain, remediate, and perform root cause analysis. Drive post-incident reviews and feed lessons learned back into detection strategy.
  • Assess and fill gaps in visibility: work with engineering teams to ensure logging, instrumentation, and context are sufficient to detect relevant threats.
  • Evolve detection maturity: turn simple signature-based alerts into more advanced behavioral, statistical, ML-driven, and adversary-informed detections, in line with detection engineering maturity models.
  • Author and maintain detection documentation, runbooks, alert definitions, tuning guidelines, and metrics.
  • Collaborate cross-functionally (Engineering, Product, Fraud, Privacy and Legal) to align detection and response work with product lifecycles and system architecture.
  • Be part of on-call rotations or threat-response rotations; escalate, coordinate, and remove blockers during high-severity events.
  • Stay up to date on attacker techniques (MITRE ATT&CK, red team reports, threat intel) and propose new detection patterns or responses accordingly.
  • Participate in hiring, interview evaluation of Security and Infrastructure engineering candidates, and team growth.

Requirements

  • 5+ years of hands-on experience in security operations, detection engineering, incident response, threat hunting, or similar fields (or equivalent combination).
  • Deep knowledge of adversary tactics, techniques, and procedures (TTPs), threat actor behavior, and the kill-chain and MITRE ATT&CK frameworks.
  • Proven experience building detections from scratch (rather than only tuning commercial alerts): you can turn a hypothesis or a threat intel indicator into a production-quality detection with a low false positive rate.
  • Hands-on experience with SIEM or log analytics platforms (e.g. Elasticsearch, Splunk, Datadog, AWS Athena, OpenSearch or equivalent) and alerting/monitoring tooling.
  • Proficiency with a programming or scripting language (e.g. Python, Go, or similar) and with infrastructure-as-code tooling (e.g. Terraform, Ansible) to build detection pipelines, automations, triage logic, or tooling.
  • Experience in digital forensics, host-based detection, endpoint telemetry, process/network visibility, cloud observability (logs, metrics, traces).
  • Comfortable working in cloud-first environments (AWS, GCP, Azure) and instrumenting detection across cloud workloads, containers, serverless, etc.
  • Experience responding to incidents (investigating logs, creating timelines, root cause, containment) in production environments.
  • Familiarity with security automation / orchestration (SOAR), playbooks, response automation, and alert triage workflows.
  • Strong communication skills; ability to translate complex detection logic, trade-offs and risk to engineers and leadership.
  • High degree of autonomy, initiative, and ownership; ability to drive entire initiatives with minimal oversight.

Benefits

  • Medical, dental, and vision insurance is 100% covered
  • 401k plan with company matching!
  • Unlimited PTO — take the time you need to come to work feeling great!
  • Wellness, internet, and childcare reimbursements
  • Generous parental leave policy

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
detection engineering, incident response, threat hunting, adversarial tactics, programming, scripting, digital forensics, cloud observability, alert triage, root cause analysis
Soft skills
strong communication, autonomy, initiative, ownership, collaboration