Block

Security Engineer, Detection & Response- Monitoring & Triage

Remote 10404 Engineering - Information Security role with clear candidate location fit.

PostedRecently added

Eligible countries1 accepted country

Seniority signalOpen level

Work settingRemote

Accepted candidate locations

Australia

Can I actually apply?Check country list

Accepted candidate countries are listed (1).

Source freshnessRecently added

Location fit1 accepted country

Stack matchAWS, Kubernetes

Apply pathCompany site

Mira fit summaryWhy this role is worth checking

Location fit1 accepted countryAdd your country

Stack matchAdd profile skills to compareAWS, Kubernetes

Seniority signalOpen levelSet your level for a sharper check.

Apply readinessCompany siteApplication continues on the company site.

Application

Apply on company site

External apply

Applying forSecurity Engineer, Detection & Response- Monitoring & TriageBlock

Country fit1 accepted country

Apply pathCompany site

WithMiraSave or subscribe before leaving

Company application

WithMira keeps this role for discovery. The application continues on the company site.

Role overview

Readable role content extracted into sections for faster review.

Own daily security intake across alert queues, Slack channels, and walk-in escalations from teams across Block, acting as the welcoming front door for security ops.
Investigate and drive resolution of security events end-to-end, including endpoint detections, cloud/SaaS alerts, malware, supply chain issues, and hands-on-keyboard activity.
Pivot across endpoint, identity, cloud, SaaS, network, DNS, and application telemetry to build timelines, test hypotheses, determine scope, and assess impact.
Run nuanced investigations across non-uniform environments where device posture, identity models, and telemetry differ significantly.
Consistently turn recurring investigative patterns into durable improvements: recommend new detections, automate triage workflows, refine automation logic, and clarify escalation paths.
Identify structural gaps surfaced during investigations (weak controls, missing telemetry, outdated runbooks) and push for durable fixes rather than one-off workarounds.
Define containment criteria, organize investigation threads, coordinate responders, drive status updates, and follow through on lessons learned.
Lead cross-team efforts that improve investigation quality, response readiness, and operational maturity; and present interesting findings to the broader team and participate in tabletop exercises and post-incident reviews.

5+ years of experience in detection and response, incident response, security engineering, or equivalent depth of hands-on investigative experience.
Strong investigative judgment across endpoint, identity, cloud, SaaS, network, and application security signals; AWS and Kubernetes security fundamentals, cloud-native logging, networking, and Linux systems.
Experience leading incidents end-to-end, including scoping, containment, evidence collection, impact assessment, and stakeholder communication.
Strong SQL and log-query/analysis skills, with the ability to work effectively across large, messy telemetry sets without waiting for a perfect dashboard.
Current, practical working knowledge of attacker TTPs across macOS, Windows, and Linux with live response and forensics.
An established AI development workflow.
Experience building, tuning, or maintaining detections, investigation workflows, or internal security tooling.
An engineering mindset: you start looking for the detection, workflow, control, or automation change that will eliminate a manual pattern.
The ability to work independently across time zones, managing competing priorities with empathy, patience, and curiosity.

Experience with threat intelligence and threat hunting.
Experience with malware analysis, forensic artifact collection, or reversing.
Experience working with human-in-the-loop automation or AI-assisted investigation systems

Similar roles