Staff Detection and Response Engineer

1 hour, 50 minutes ago
Full-time
Lead
Cybersecurity
Alphasense

Alphasense is a global leader in providing high-quality gas sensors and air quality monitors to industrial OEMs. With over 25 years of experience, the company offers a wide range of innovative gas sensor technologies for various applications, including...

Industrial Conglomerates
51-250
Founded 1996

Description

  • Design, implement, and maintain advanced detection rules and correlation logic across SIEM, EDR, and cloud platforms.
  • Lead detection strategy and architecture aligned with detection quality frameworks and MITRE ATT&CK coverage.
  • Write high-fidelity detections using SIGMA, YARA-L, and related query languages.
  • Perform log source analysis, threat modeling, adversary emulation, and detection gap analysis.
  • Create and maintain detection playbooks, runbooks, and technical documentation.
  • Develop automated response playbooks and enrichment pipelines across multiple security tools.
  • Integrate security tools through APIs and automate containment actions such as account disablement, host isolation, and firewall rule updates.
  • Measure and report automation effectiveness, including time saved and incident handling efficiency.
  • Co-lead the threat hunting program, including strategy, methodology, and campaign planning.
  • Execute proactive threat hunts, analyze anomalous behavior, and build hunting automation with Python and related tools.

Requirements

  • 7+ years of experience in security operations, including 3+ years in detection engineering.
  • Deep expertise creating high-fidelity detection rules with SIGMA, YARA-L, KQL, and SPL.
  • Proven experience building detection strategies across SIEM, EDR, and cloud platforms using MITRE ATT&CK.
  • Expert knowledge of SOAR platforms such as Tines, Splunk SOAR, or Cortex XSOAR.
  • Experience designing and implementing SOAR architecture from concept to production.
  • Advanced Python scripting and automation skills for API integrations and security tool orchestration.
  • Strong threat hunting experience, including hypothesis development and campaign execution.
  • Hands-on experience with Jupyter Notebooks, Osquery, Velociraptor, and anomaly detection analysis.
  • Deep understanding of attack techniques, lateral movement, persistence, and post-exploitation TTPs across Windows, Linux, and macOS.
  • Familiarity with MITRE ATT&CK, PICERL, NIST CSF, Detection Maturity Models, and incident response best practices.
  • Ability to lead technical initiatives, mentor others, and communicate complex concepts to diverse audiences.
  • Preferred: Experience with YARA-L and detection engineering quality frameworks.
  • Preferred: Experience evaluating and operationalizing SOAR platforms from architecture through implementation.
  • Preferred: Advanced knowledge of CrowdStrike Falcon custom IOA rules.
  • Preferred: Background in purple teaming, adversary emulation, or red teaming.
  • Preferred: Experience with CI/CD for detection-as-code and automation-as-code.
  • Preferred: Security certifications such as GCDA, GCIH, GCIA, GCFA, OSCP, or equivalent.
  • Preferred: Experience with security data lakes such as Snowflake or BigQuery and threat intelligence platforms.
  • Preferred: Published research, blog posts, or conference presentations on detection, automation, or threat hunting.

Benefits

  • High-impact leadership role with ownership of critical security capabilities.
  • Greenfield opportunity to architect and build a SOAR platform from the ground up.
  • Opportunity to lead major SIEM migration efforts.
  • Autonomy to shape security architecture, tool evaluations, and team direction.
  • Join a growing security team with clear structure and growth trajectory.
  • Work on complex problems at scale with a modern security stack.
  • Balanced role combining strategic architecture work with hands-on investigation and hunting.
  • AI-driven company with active use of AI tools in day-to-day work.

Interested in this position?

Apply directly on the company website