Nerdy Dragon

Security Engineer - Detection & Response

Nerdy Dragon

full-time

Posted on:

Origin:  • 🇺🇸 United States • California

Visit company website
AI Apply
Manual Apply

Job Level

Mid-LevelSenior

Tech Stack

AWSCloudPython

About the role

  • You are an AI-powered Security Engineer responsible for identifying and responding to malicious or suspicious activity across our environment with speed and confidence.
  • This role leads the engineering work behind these capabilities—designing scalable systems to detect threats and trigger automated responses.
  • You will integrate AI into detection and response workflows to accelerate rule development, streamline enrichment, and reduce investigation time, with human validation ensuring precision and alignment.
  • As a cloud-first SaaS company relying on a broad portfolio of SaaS tools, we generate large volumes of event data across identity, endpoint, infrastructure, and collaboration systems. The scale and complexity of this telemetry demand improved detection engineering and automation.
  • This is a platform engineering role focused on building and operating a modern detection pipeline integrated with security automation workflows.
  • You will use Python, structured data, and widely adopted frameworks for mapping adversary behaviors and response logic to drive faster, more effective security outcomes.
  • This role is not a support or triage position but a strategic contributor to our security infrastructure.

Requirements

  • 5+ years in security engineering, detection engineering, or threat-focused automation roles.
  • Strong knowledge of MITRE ATT&CK framework, detection logic, and IOC/IOA patterns.
  • Familiarity with MITRE D3FEND for defense-in-depth and response playbook design.
  • Hands-on experience designing, deploying, or managing SIEM platforms (vendor-neutral mindset preferred).
  • Strong Python scripting skills for integrations, enrichment logic, and playbook development.
  • Experience working with structured data formats such as JSON, YAML, logs, and metrics.
  • Familiarity with SaaS logging constraints and cloud-native telemetry, preferably AWS.
  • Understanding of event-driven architecture and API-driven integrations.
  • Demonstrated ability to use AI tools to accelerate scripting, generate or translate detection rules, or assist with enrichment workflows, always with human validation for accuracy.
  • Comfortable working autonomously and cross-functionally to deliver reliable detection outcomes.
  • Experience building or maintaining detection pipelines using Elastic, Panther, or similar platforms.
  • Experience with detection-as-code practices, managing detection logic as version-controlled code with testing and CI/CD.
  • Experience writing detection rules in formats such as Sigma, including contributing to open-source or internal detection libraries.
  • Experience with MITRE frameworks: ATT&CK (adversary techniques), D3FEND (defensive techniques), and ATLAS (AI-related attacks).
  • Experience with OWASP guidance on application telemetry and detection (e.g., AppSensor, Logging Cheat Sheet).