At Nerdy, we are looking for a Security Engineer - Detection & Response to own our AI-powered threat detection pipeline. You will be responsible for identifying and responding to malicious activity by engineering scalable systems to detect threats and trigger automated responses. This is a platform engineering role focused on building and operating a modern detection pipeline integrated with security automation workflows.
What You'll Do
- Implement and operate detection systems, including a scalable cloud-native SIEM platform supporting ingestion from identity, endpoint, SaaS, and infrastructure sources.
- Develop and maintain detection coverage maps aligned to MITRE ATT&CK techniques, threat modeling, and incident history.
- Leverage AI to accelerate detection rule creation, enrichment, and triage insights, and conduct AI-assisted threat hunting to surface novel behaviors and codify them as deterministic detections.
- Build detection observability tools and dashboards to monitor rule effectiveness, alert volumes, and system performance.
- Design and implement SOAR workflows and automated response playbooks with built-in observability, rollback, and reliability controls.
- Leverage AI within SOAR for adaptive enrichment, workflow generation, and documentation, while continuously tuning automation based on incident outcomes.
- Lead incident response activities as part of the incident commander rotation, and drive continuous improvement of runbooks and playbooks using lessons learned and AI support for timelines and summaries.
- Collaborate cross-functionally with engineering and business stakeholders to embed detection and response into system design, operational processes, and organizational priorities.
What We're Looking For
- 5+ years in security engineering, detection engineering, or threat-focused automation roles.
- Strong knowledge of MITRE ATT&CK framework, detection logic, and IOC/IOA patterns.
- Familiarity with MITRE D3FEND for defense-in-depth and response playbook design.
- Hands-on experience designing, deploying, or managing SIEM platforms (vendor-neutral mindset preferred).
- Strong Python scripting skills for integrations, enrichment logic, and playbook development.
- Experience working with structured data formats such as JSON, YAML, logs, and metrics.
- Familiarity with SaaS logging constraints and cloud-native telemetry, preferably AWS.
- Understanding of event-driven architecture and API-driven integrations.
- Demonstrated ability to use AI tools to accelerate scripting, generate or translate detection rules, or assist with enrichment workflows, always with human validation for accuracy.
- Comfortable working autonomously and cross-functionally to deliver reliable detection outcomes.
Nice to Have
- Experience building or maintaining detection pipelines using Elastic, Panther, or similar platforms.
- Experience with detection-as-code practices, managing detection logic as version-controlled code with testing and CI/CD.
- Experience writing detection rules in formats such as Sigma, including contributing to open-source or internal detection libraries.
- Experience with MITRE frameworks: ATT&CK (adversary techniques), D3FEND (defensive techniques), and ATLAS (AI-related attacks).
- Experience with OWASP guidance on application telemetry and detection (e.g., AppSensor, Logging Cheat Sheet).
Technical Stack
- Python
- SIEM platforms
- AWS
- Elastic
- Panther
- Sigma
Benefits & Compensation
- Competitive USD Compensation.
- 100% Remote (Home Country Only).
- Flexible Time Off.
- Local Holiday Pay.
- Continuous Learning: free, all-inclusive learning membership for you and your household.
- Supercharge with AI: exclusive access to cutting-edge AI tools.
- Feedback-Rich, Collaborative Culture.
Work Mode
This role is 100% remote, open to candidates in their home country only. The listed location is Remote - San Jose.
Nerdy is an equal opportunity employer.