Senior Security Engineer II – Threat Detection & Response

In this role you will not just administer the platforms.  You''ll write production-grade code, engineer scalable detections, automate response, and develop proactive threat controls using deep knowledge of cloud, identity, application, and data attack paths.

What You’ll Do

• Adversary Response Planning: Develop and maintain a comprehensive adversary response strategy, mapping organizational risks to specific threat actor TTPs (Tactics, Techniques, and Procedures).
• Cross-Functional Leadership: Act as a Subject Matter Expert to Infrastructure, Engineering, and security teams. Guide these partners in implementing proactive security controls, ensuring that security is "baked in" to the development lifecycle and corporate infrastructure.
• Proactive Threat Modeling: Lead and build collaborative threat modeling sessions for new products and infrastructure, helping cloud platform, Engineering and IT identify and neutralize architectural weaknesses before deployment.
• Continuous Detection Engineering: Build, tune, and constantly update a library of high-fidelity detections. You will ensure our alerting logic evolves in lockstep with new exploitation techniques and industry benchmarks.
• Industry Alignment: Monitor the evolving security landscape (e.g., CISA advisories, new MITRE techniques) to ensure client remains at the forefront of industry-standard security controls.
• Resilience Testing & Training: Design and lead cross-functional Incident Response simulations and tabletop exercises. Use these sessions to educate non-security teams on their roles during a crisis and to identify gaps in our defense-in-depth strategy.
• Advanced Incident Management: Lead the full lifecycle of high-severity security incidents, acting as the primary SME for containment and eradication while managing communication with executive leadership.
• Automation & Orchestration: Architect SOAR workflows to ensure common adversary techniques are met with immediate, automated remediation, reducing the manual burden on IT and Ops.

• Minimum 7+ years in security with at least 5+ years deeply focused on detection engineering, incident response, or threat hunting in cloud-native environments and a track record of working in fast paced SaaS environments,moving organizations from reactive IR to threat-informed defense.
• Bachelor’s or Master’s degree in Computer Science, Cyber Security, or a related field.
• Hands-on proficiency in securing AWS/Google Cloud Platform/Azure + modern Identity Stack, including experience with Kubernetes security and Terraform/IaC.
• Strong coding ability to build automations, security pipeline, detection as code etc.
• Deep understanding of cloud IAM attack paths, token/session abuse, API threats, and data exfiltration patterns, CI/CD for detections
• Experience designing and operating telemetry pipelines (normalization, correlation, data quality, schema strategy).
• Strong incident response leadership for high-severity events in production environments.
• Deep familiarity with threat intelligence frameworks (MITRE ATT&CK) and the ability to convert raw intel into actionable detection/prevention strategies.
• Proven experience running incident response tests, breach and attack simulations (BAS), or red/blue team exercises.
• Deep expertise in security tooling across SIEM, EDR, CNAPP, WAF, CASB, and Data Security platforms and judgment to know when to buy vs build.
• The ability to translate complex technical threats into clear, actionable guidance for both technical peers and executive leadership.
• Relevant certifications (nice-to-have): GCIA, GCIH, GCTI, CISSP, CCSP.
• Contributions to open-source security projects or published research (nice-to have)