Nerdy Dragon

Security Engineer – Detection & Response

full-time

Location Type: Remote

Location: Remote • 🇺🇸 United States


Job Level

Mid-Level, Senior

Tech Stack

AWS, Cloud, Python

About the role

  • Implement and operate detection systems, including a scalable cloud-native SIEM platform supporting ingestion from identity, endpoint, SaaS, and infrastructure sources.
  • Develop and maintain detection coverage maps aligned to MITRE ATT&CK techniques, threat modeling, and incident history.
  • Leverage AI to accelerate detection rule creation, enrichment, and triage insights, and conduct AI-assisted threat hunting to surface novel behaviors and codify them as deterministic detections.
  • Build detection observability tools and dashboards to monitor rule effectiveness, alert volumes, and system performance.
  • Design and implement SOAR workflows and automated response playbooks with built-in observability, rollback, and reliability controls.
  • Leverage AI within SOAR for adaptive enrichment, workflow generation, and documentation, while continuously tuning automation based on incident outcomes.
  • Lead incident response activities as part of the incident commander rotation, and drive continuous improvement of runbooks and playbooks using lessons learned and AI support for timelines and summaries.
  • Collaborate cross-functionally with engineering and business stakeholders to embed detection and response into system design, operational processes, and organizational priorities.

Requirements

  • 5+ years in security engineering, detection engineering, or threat-focused automation roles.
  • Strong knowledge of MITRE ATT&CK framework, detection logic, and IOC/IOA patterns.
  • Familiarity with MITRE D3FEND for defense-in-depth and response playbook design.
  • Hands-on experience designing, deploying, or managing SIEM platforms (vendor-neutral mindset preferred).
  • Strong Python scripting skills for integrations, enrichment logic, and playbook development.
  • Experience working with structured data formats such as JSON, YAML, logs, and metrics.
  • Familiarity with SaaS logging constraints and cloud-native telemetry, preferably AWS.
  • Understanding of event-driven architecture and API-driven integrations.
  • Demonstrated ability to use AI tools to accelerate scripting, generate or translate detection rules, or assist with enrichment workflows, always with human validation for accuracy.
  • Comfortable working autonomously and cross-functionally to deliver reliable detection outcomes.
Preferred:

  • Experience building or maintaining detection pipelines using Elastic, Panther, or similar platforms.
  • Experience with detection-as-code practices, managing detection logic as version-controlled code with testing and CI/CD.
  • Experience writing detection rules in formats such as Sigma, including contributing to open-source or internal detection libraries.
  • Experience with MITRE frameworks: ATT&CK (adversary techniques), D3FEND (defensive techniques), and ATLAS (AI-related attacks).
  • Experience with OWASP guidance on application telemetry and detection (e.g., AppSensor, Logging Cheat Sheet).

Benefits

  • Competitive Compensation: Market-leading salary paired with clear promotion pathways - become an owner in our success.
  • Retirement Made Simple: 401(k) plan with company match and immediate vesting.
  • A Remote-First Culture: We embrace flexibility across time zones and working styles to attract top talent and meet learners where they are.
  • Flexible Time Off: Recharge on your terms, ensuring maximum productivity.
  • Continuous Learning: Access an all-inclusive learning membership for you and your household, including 1:1 tutoring hours, unlimited on-demand classes, and our full suite of learning products and services.
  • Supercharge with AI: Leverage cutting-edge AI tools to accelerate your workflow.
  • You’re Covered: Medical, dental, vision, life, STD & LTD plans plus strong maternity, paternity, and adoption leaves - numerous options for you and your family.
