Block
Security Engineer, Detection & Response- Monitoring & Triage
Remote role in 10404 Engineering - Information Security with a clear location fit for the candidate.
Published: Recently added
Eligible countries: 1 country accepted
Seniority signal: Open level
Work model: Remote
Accepted candidate locations
Australia
Role summary
Security Engineer, Detection & Response- Monitoring & Triage
Requirements and responsibilities
You Will
- Own daily security intake across alert queues, Slack channels, and walk-in escalations from teams across Block, acting as the welcoming front door for security ops.
- Investigate and drive resolution of security events end-to-end, including endpoint detections, cloud/SaaS alerts, malware, supply chain issues, and hands-on-keyboard activity.
- Pivot across endpoint, identity, cloud, SaaS, network, DNS, and application telemetry to build timelines, test hypotheses, determine scope, and assess impact.
- Run nuanced investigations across non-uniform environments where device posture, identity models, and telemetry differ significantly.
- Consistently turn recurring investigative patterns into durable improvements: recommend new detections, automate triage workflows, refine automation logic, and clarify escalation paths.
- Identify structural gaps surfaced during investigations (weak controls, missing telemetry, outdated runbooks) and push for durable fixes rather than one-off workarounds.
- Define containment criteria, organize investigation threads, coordinate responders, drive status updates, and follow through on lessons learned.
- Lead cross-team efforts that improve investigation quality, response readiness, and operational maturity; present interesting findings to the broader team and participate in tabletop exercises and post-incident reviews.
You Have
- 5+ years of experience in detection and response, incident response, security engineering, or equivalent depth of hands-on investigative experience.
- Strong investigative judgment across endpoint, identity, cloud, SaaS, network, and application security signals, plus AWS and Kubernetes security fundamentals, cloud-native logging, networking, and Linux systems.
- Experience leading incidents end-to-end, including scoping, containment, evidence collection, impact assessment, and stakeholder communication.
- Strong SQL and log-query/analysis skills, with the ability to work effectively across large, messy telemetry sets without waiting for a perfect dashboard.
- Current, practical working knowledge of attacker TTPs across macOS, Windows, and Linux with live response and forensics.
- An established AI development workflow.
- Experience building, tuning, or maintaining detections, investigation workflows, or internal security tooling.
- An engineering mindset: you start looking for the detection, workflow, control, or automation change that will eliminate a manual pattern.
- The ability to work independently across time zones, managing competing priorities with empathy, patience, and curiosity.
Nice-to-have qualities that stand out
- Experience with threat intelligence and threat hunting.
- Experience with malware analysis, forensic artifact collection, or reversing.
- Experience working with human-in-the-loop automation or AI-assisted investigation systems.