Senior Security Engineer, Detection and Response

HackerOne
Austin, Texas 78716 United States
Posted: Jun 09, 2026
  • Full Time
  • Public Safety
  • Summary

    At HackerOne, we're rebuilding our Detection & Response function with an AI-first approach—focused on engineering, not just triage. As a Senior Security Engineer, you will design and deliver detection and response capabilities that protect a modern, cloud‑native environment by writing code, building AI‑powered tooling, and automating workflows end‑to‑end.

    This role operates across the full detection lifecycle—from identifying gaps in observability to shipping high‑signal detections and leading incident response when it matters most. You'll help scale what a small team can accomplish by embedding automation, intelligence, and AI into how we detect and respond to threats.

    At HackerOne, we embrace a Flexible Work approach that gives us the freedom to do our best work while also fostering the connections and community that make us stronger. Reflecting this philosophy, this is a remote role targeted for candidates within ~50 miles of Austin TX, Seattle WA, Washington DC, San Francisco CA, or Boston MA. We believe this balance of proximity and flexibility gives Hackeronians the chance to occasionally come together – fostering collaboration, connection, and in‑person moments that enrich our culture – while still preserving the benefits of remote work.

    What You Will Do

    • Design, build, and maintain detection‑as‑code capabilities across cloud infrastructure, SaaS applications, endpoints, and identity systems, improving coverage and signal quality through data‑driven decision making.
    • Build automated investigation and response workflows that replace manual runbooks, leveraging AI‑first principles to scale triage, enrichment, containment, and remediation.
    • Develop and deploy AI/LLM‑powered tooling to accelerate investigations, reduce alert fatigue, and extend team capacity beyond traditional headcount constraints, embedding AI‑first practices into daily workflows.
    • Lead and participate in incident response, including detection, investigation, containment, and retrospectives, applying first‑principles problem solving to identify root causes and improve long‑term resilience.
    • Partner cross‑functionally with engineering and platform teams to expand logging, improve observability, and embed detection capabilities into the development lifecycle.
    • Continuously improve detection quality by analyzing alert performance, tuning for signal, and building feedback loops between incidents and detections using data‑driven decision making.
    • Proactively identify gaps in visibility or coverage and translate ambiguous problem spaces into concrete detection and response solutions through first‑principles problem solving.
    • Adapt quickly to evolving threats, tools, and priorities, helping the team maintain momentum and effectiveness through change agility.

    Minimum Qualifications

    • 5+ years of experience in detection and response, security engineering, or software engineering with a security focus.
    • Strong software engineering fundamentals with proficiency in Python, Go, Ruby, or similar languages, and experience working in production codebases.
    • Hands‑on experience with cloud environments (AWS preferred), including services such as CloudTrail, GuardDuty, and VPC flow logs.
    • Experience with log aggregation and analysis platforms (e.g., Datadog, Splunk, ELK) and endpoint detection tools (e.g., SentinelOne, CrowdStrike).

    Preferred Qualifications

    • Experience building AI/LLM‑powered security tooling or applying AI to detection, triage, or investigation workflows.
    • Experience with detection‑as‑code frameworks or building custom detection pipelines.
    • Familiarity with containerized environments (Docker, Kubernetes, ECS/EKS).
    • Experience with threat intelligence, threat hunting, forensics, or attacker tradecraft frameworks such as MITRE ATT&CK.

    Job Benefits

    • Health (medical, vision, dental), life, and disability insurance
    • Equity stock options
    • Retirement plans
    • Paid public holidays and unlimited PTO
    • Paid maternity and parental leave
    • Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)
    • Employee Assistance Program

    *Eligibility may differ by country

    Visa/work permit sponsorship is not available.

    Employment at HackerOne is contingent on a background check.

    HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws.

    This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time.

    For U.S. based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.


Please mention you found this employment opportunity on the CareersInGovernment.com Job Board.