Job summary

Security Engineer, Detection & Response - Monitoring & Triage

Requirements and responsibilities


You Will

  • Own daily security intake across alert queues, Slack channels, and walk-in escalations from teams across Block, acting as the welcoming front door for security ops.
  • Investigate and drive resolution of security events end-to-end, including endpoint detections, cloud/SaaS alerts, malware, supply chain issues, and hands-on-keyboard activity.
  • Pivot across endpoint, identity, cloud, SaaS, network, DNS, and application telemetry to build timelines, test hypotheses, determine scope, and assess impact.
  • Run nuanced investigations across non-uniform environments where device posture, identity models, and telemetry differ significantly.
  • Consistently turn recurring investigative patterns into durable improvements: recommend new detections, automate triage workflows, refine automation logic, and clarify escalation paths.
  • Identify structural gaps surfaced during investigations (weak controls, missing telemetry, outdated runbooks) and push for durable fixes rather than one-off workarounds.
  • Define containment criteria, organize investigation threads, coordinate responders, drive status updates, and follow through on lessons learned.
  • Lead cross-team efforts that improve investigation quality, response readiness, and operational maturity; present interesting findings to the broader team; and participate in tabletop exercises and post-incident reviews.

You Have

  • 5+ years of experience in detection and response, incident response, security engineering, or equivalent depth of hands-on investigative experience.
  • Strong investigative judgment across endpoint, identity, cloud, SaaS, network, and application security signals; AWS and Kubernetes security fundamentals, cloud-native logging, networking, and Linux systems.
  • Experience leading incidents end-to-end, including scoping, containment, evidence collection, impact assessment, and stakeholder communication.
  • Strong SQL and log-query/analysis skills, with the ability to work effectively across large, messy telemetry sets without waiting for a perfect dashboard.
  • Current, practical working knowledge of attacker TTPs across macOS, Windows, and Linux with live response and forensics.
  • An established AI development workflow.
  • Experience building, tuning, or maintaining detections, investigation workflows, or internal security tooling.
  • An engineering mindset: you start looking for the detection, workflow, control, or automation change that will eliminate a manual pattern.
  • The ability to work independently across time zones, managing competing priorities with empathy, patience, and curiosity.

Nice-to-have qualities that stand out

  • Experience with threat intelligence and threat hunting.
  • Experience with malware analysis, forensic artifact collection, or reversing.
  • Experience working with human-in-the-loop automation or AI-assisted investigation systems.

Focus (job area): 10404 Engineering - Information Security
Seniority signal (candidate level): Open level
Stack (key skills): AWS, Kubernetes, SQL
Location (eligibility): 1 country accepted