Resumo da vaga

Engineering Manager, Security Detection & Response

Requisitos e responsabilidades

Conteúdo da vaga extraído em seções para revisão mais rápida.

Security Incident Leadership & Response

  • Own and continuously improve end-to-end detection, investigation, response, post-incident review, and threat intelligence-informed improvement processes, including AI-assisted triage and investigation workflows.
  • Lead complex and high-severity incidents with clear decision-making, effective stakeholder communication, and accountable follow-through on remediation.
  • Stay technically engaged in investigations across cloud infrastructure, SaaS platforms, corporate systems, user behavior, and abuse scenarios, and translate incident learnings, platform changes, and threat trends into Security Detection & Response priorities.

Security Observability, Detection Engineering, Automation & AI

  • Define and evolve security observability and detection strategy, including telemetry onboarding, signal quality, threat intelligence inputs, alert tuning, and coverage validation.
  • Oversee Panther detections, MITRE ATT&CK-aligned use cases, investigation playbooks, and response automations, with measurement and validation loops for coverage, precision, latency, tuning effectiveness, safe rollout, and attack-simulation-based validation.
  • Transform security operations processes through practical use of AI, including designing agents and AI-native workflows for triage, enrichment, investigation, and response.
  • Drive Python-based tooling, CI/CD practices, and pragmatic use of AI to improve the speed, quality, and reliability of Security Detection & Response workflows.

Team Leadership & Cross-Functional Collaboration

  • Build, lead, and retain a high-performing remote Security Detection & Response team with clear expectations, strong onboarding, documentation, and knowledge-sharing practices.
  • Coach engineers to grow in technical depth, operational ownership, and leadership capability while partnering closely with Engineering, IT, Fraud, Legal, People, Support, and Product on incidents, investigations, and security improvements.
  • Work closely with Engineering and Infrastructure on telemetry quality, data pipelines, and operational readiness, and communicate security risk, incident impact, and remediation plans clearly to technical and non-technical stakeholders.
  • Define and review strategy-aligned metrics and reporting that measure Security Detection & Response effectiveness, highlight trends and gaps, and inform priorities and stakeholder decisions.

Required Skills & Experience

  • 5+ years of experience in Security Detection & Response, Security Engineering, or Incident Response.
  • 2+ years of people management experience, including hiring, coaching, and performance management, ideally in a remote-first environment.
  • Strong hands-on experience with modern SIEM platforms, security observability, detection engineering, log analysis, and complex security investigations; experience with Panther is highly valued.
  • Strong proficiency in Python for automation, analysis, and internal tooling, with the ability to remain technically credible with engineers.
  • Experience with automation, Git-based workflows, CI/CD practices, threat intelligence-informed detections, AI-assisted workflows, and building agents or AI-native workflows for security content, tooling, or response processes.
  • Experience with cloud-native platforms, security telemetry, and SaaS environments; GCP experience preferred. Familiarity with toolsets similar to Apollo's, including Google Workspace, Okta, GitHub, Slack, Atlassian, Cloudflare, CrowdStrike, Kandji, Panther, and Snowflake-backed log pipelines, is strongly valued.
  • Excellent written and verbal communication, leadership, and stakeholder management skills.

Preferred Qualifications

  • Experience leading Detection Engineering, Security Engineering, or Security Detection & Response teams in a high-growth cloud or SaaS environment.
  • Experience applying AI-assisted security tooling to detection, triage, investigation, or response in a production environment.
  • Familiarity with MITRE ATT&CK, threat intelligence workflows, and vulnerability management programs, SLAs, and remediation processes.
  • Relevant certifications such as CISSP, GCIA, GCIH, GCED, or cloud security certifications.
Vagas similares

Mantenha uma lista reserva.

Ver stack
FocoSecurity Detection & ResponseÁrea da vaga
Sinal de senioridadeLeadNível do candidato
StackCI/CD, GCP, PythonSkills principais
Localização1 país aceitoElegibilidade

Stack

Use estas tags para comparar vagas remotas similares.

Elegibilidade de localização

Candidatos devem aplicar apenas quando o país do perfil estiver listado aqui.

Seu perfilPaís não definidoEntre para comparar seu país com esta vaga.

Fluxo de contratação

O WithMira mostra a vaga e depois envia candidatos para a aplicação da empresa.

1Confira fit da vaga, stack e elegibilidade de localização no WithMira.
2Abra a página de aplicação da empresa pelo link rastreado.
3Salve a vaga ou assine oportunidades similares antes de sair.