Detection & Response, Security Engineer

🕒 April 23

🇺🇸 United States – Remote

💵 $175k - $275k / year

⏰ Full Time

🟡 Mid-level

🟠 Senior

👮‍♂️ Cybersecurity / Security Engineer

🦅 H1B Visa Sponsor

WorkOS

51 - 200 employees

Founded 2019

🔌 API

🏢 Enterprise

🤝 B2B

💰 $80M Series B - WorkOS on 2022-05

WorkOS is a developer-focused platform that provides APIs, SDKs, and hosted admin tools to help SaaS applications become enterprise-ready. It abstracts and normalizes enterprise integrations — including Single Sign-On (SAML/OIDC), SCIM/HRIS directory sync, multi-factor auth, role-based access control, audit logs, and encryption key management — so engineering teams can add enterprise features quickly with minimal custom work. WorkOS targets B2B SaaS companies selling to enterprise customers, offering developer-first docs, sample SDKs, and a hosted Admin Portal for IT admins.

📋 Description

• Build out our detection engineering capability. Design and implement detection logic across our SIEM, EDR, cloud security tools and identity systems. We want you to write detections as code — durable, tested, and version-controlled.
• Own security incident response. Lead and support security incident investigations using data analytics, log analysis, and system forensics across corporate and production environments. Build playbooks and runbooks for repeatable response.
• Extend detection into the product. Instrument additional application-level telemetry across the WorkOS platform to detect abuse patterns, anomalous authentication activity, and threats that target our customers' identities.
• Build tooling and automation. Develop scripts, integrations, and SOAR workflows to automate detection, enrichment, and response activities. We value engineering solutions over manual processes.
• Improve visibility and logging. Work with engineering and infrastructure teams to ensure the right logs are collected, normalized, and available. Identify gaps in monitoring coverage and close them.
• Partner with our MDR provider. Collaborate to validate detections, tune rules, and coordinate on incidents. Grow our internal capability over time while maintaining the partnership.
• Contribute to security operations maturity. Help build on-call rotation practices, tabletop exercises, post-incident reviews, and operational metrics for the security team.
• Participate in a shared on-call rotation for security incidents, with occasional evening or weekend availability for critical events.

🎯 Requirements

• 5+ years of experience in security engineering, detection engineering, incident response, or a related technical security role.
• Strong engineering fundamentals; ideally a computer science or engineering degree or equivalent industry experience (software engineering, SRE, network engineering).
• Proficiency in Python, Go, or another general-purpose programming language.
• Hands-on experience with SIEM platforms (Panther, Splunk, Elastic, or similar) — writing detection rules, building log pipelines, and investigating alerts.
• Experience with EDR technologies (SentinelOne, CrowdStrike, or similar) and endpoint investigation.
• Familiarity with cloud security fundamentals (AWS IAM, networking, Kubernetes basics).
• Experience with incident response in production and/or corporate environments.
• Strong written and verbal communication skills.

🏖️ Benefits

• Competitive pay
• Substantial equity grants
• Healthcare insurance (Medical, Dental and Vision) for you and your family
• 401k matching
• Wellness and fitness monthly allowances
• PTO + paid holidays + unlimited sick leave
• Autonomy and flexibility with remote work
