Lead Security Engineer, Detection & Response (Data Platform)
Role Overview
This position is responsible for the technical leadership and long-term vision of the organization’s security data infrastructure. You will ensure that security telemetry from diverse internal and external sources is efficiently collected, structured, and used to power detection, investigation, and automated response workflows. As the company scales, your work will directly influence the resilience and responsiveness of security operations.
Key Responsibilities
- Act as the primary technical authority for the security data platform, overseeing its architecture, scalability, and ongoing evolution
- Design and manage ETL/ELT pipelines to process high-volume security data in both streaming and batch formats
- Ensure consistent data quality by defining and enforcing schemas, normalization rules, and event models
- Optimize log ingestion, parsing, and preprocessing to improve performance in analytics and SIEM systems
- Collaborate with engineering and business teams to align security capabilities with organizational growth
- Support incident response efforts by improving telemetry coverage and detection logic
- Develop and refine detection playbooks and automated workflows using high-fidelity data
- Identify visibility gaps during investigations and lead initiatives to close them
- Provide strategic direction for the future of detection engineering and data architecture
- Participate in an on-call rotation, primarily during business hours, with occasional weekend or evening support
Required Qualifications
- 8–10+ years in security engineering, detection & response, or data engineering roles
- Proven experience building or managing large-scale data pipelines in cloud environments
- Hands-on work with AWS services such as S3, Glue, Athena, MSK, Kafka, or Kinesis
- Strong grasp of streaming architectures and event-driven data systems
- Experience processing high-volume telemetry from endpoints, identity systems, networks, and cloud platforms
- Proficiency in data modeling, schema design, and normalization for security use cases
- Programming skills in Python and SQL
- Familiarity with SIEM, SOAR, and analytics platforms
- Background in incident response, threat detection, and security investigations
- Direct experience with AWS and EKS environments
Preferred Qualifications
- Exposure to GCP or Oracle Cloud Infrastructure (OCI)
- Experience applying AI/ML techniques to security detection or automation
- Background in Detection-as-Code practices
- Interest or experience in blockchain technologies
Work Environment
This role operates in a flexible, global work environment that supports remote collaboration. Innovation is encouraged, and contributions are valued across time zones and regions.
Compensation & Benefits
The base salary range for this position is $225,000 to $290,000, with total compensation reflecting experience, technical depth, and role scope. Additional elements may include performance-based incentives tied to business and individual factors.
The company is committed to equal opportunity and inclusion. It participates in the E-Verify program where applicable and provides accommodations for candidates with disabilities during the hiring process.
Company Values
- High Integrity
- Future Forward
- Multistakeholder Focus
- Mindful Collaboration
- Excellence in Execution