Responsibilities
- Design, build, and maintain detection-as-code capabilities across cloud infrastructure, SaaS applications, endpoints, and identity systems, improving coverage and signal quality through Data-Driven Decision Making
- Build automated investigation and response workflows that replace manual runbooks, leveraging AI First principles to scale triage, enrichment, containment, and remediation
- Develop and deploy AI/LLM-powered tooling to accelerate investigations, reduce alert fatigue, and extend team capacity beyond traditional headcount constraints, embedding AI First practices into daily workflows
- Lead and participate in incident response, including detection, investigation, containment, and retrospectives, applying First Principles Problem Solving to identify root causes and improve long-term resilience
- Partner cross-functionally with engineering and platform teams to expand logging, improve observability, and embed detection capabilities into the development lifecycle
- Continuously improve detection quality by analyzing alert performance, tuning for signal, and building feedback loops between incidents and detections using Data-Driven Decision Making
- Proactively identify gaps in visibility or coverage and translate ambiguous problem spaces into concrete detection and response solutions through First Principles Problem Solving
- Adapt quickly to evolving threats, tools, and priorities, helping the team maintain momentum and effectiveness through Change Agility
Requirements
- 5+ years of experience in detection and response, security engineering, or software engineering with a security focus
- Strong software engineering fundamentals with proficiency in Python, Go, Ruby, or similar languages, and experience working in production codebases
- Hands-on experience with cloud environments (AWS preferred), including services such as CloudTrail, GuardDuty, and VPC flow logs
- Experience with log aggregation and analysis platforms (e.g., Datadog, Splunk, ELK) and endpoint detection tools (e.g., SentinelOne, CrowdStrike)
Nice to Have
- Experience building AI/LLM-powered security tooling or applying AI to detection, triage, or investigation workflows
- Experience with detection-as-code frameworks or building custom detection pipelines
- Familiarity with containerized environments (Docker, Kubernetes, ECS/EKS)
- Experience with threat intelligence, threat hunting, forensics, or attacker tradecraft frameworks such as MITRE ATT&CK
Benefits
- Health (medical, vision, dental), life, and disability insurance
- Equity stock options
- Retirement plans
- Paid public holidays and unlimited PTO
- Paid maternity and parental leave
- Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)
- Employee Assistance Program
Additional Information
- Employment at HackerOne is contingent on a background check
- Visa/work permit sponsorship is not available
- For US-based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position