We are looking for a senior, hands-on Security Operations Lead to build, mature, and operate detection, response, and corporate security capabilities. You will own the engineering, workflows, and processes that keep secure day-to-day, while continuously improving visibility, automation, and operational resilience across both corporate and production environments. This role requires a technical operator who can architect scalable detection and response pipelines, manage endpoint and identity security controls, streamline GTM security enablement, and collaborate across the company to reduce risk. You will balance strategic direction with hands-on execution-ensuring threats are identified quickly, incidents are handled effectively, and the organizations operational security posture remains strong as grows.
Responsibilities:
Own and mature Detection & Response program, including alerting, triage workflows, incident playbooks, and end-to-end response processes.
Build and maintain detection logic, integrations, and automation across logging, SIEM, EDR, cloud telemetry, and internal monitoring systems.
Lead incident investigations, coordinate response across engineering and business teams, and ensure clear communication and post-incident reviews.
Manage Corporate Security Program, including identity and access management, endpoint posture management, corporate data security controls, and DLP practices.
Oversee privileged access workflows and JIT access for corporate and production systems in alignment with least-privilege principles.
Partner with engineering teams to ensure production environments maintain strong security baselines, logging, and monitoring coverage.
Collaborate with GTM/Sales teams to support Security Enablement, including third-party security questionnaires, customer assurance needs, and auditor inquiries.
Build automation-first operational processes that reduce manual overhead and provide consistent, repeatable security outcomes.
Develop and refine detection and response runbooks, escalation paths, and cross-team coordination models.
Maintain and improve incident and operational metrics, dashboards, and KPIs to measure operational efficiency and threat coverage.
Drive the intake and prioritization of security operations requests through Jira and internal workflows.
Work closely with Product Security, Cloud/DevOps, and GRC to ensure shared visibility and aligned operational practices.
Identify operational security gaps, propose improvements, and lead implementation efforts across tooling, processes, and controls.
Promote a culture of proactive detection, fast response, and shared responsibility for organizational security.
Requirements: Five (5) + years of experience in Engineering / Security Engineering
We build solutions when faced with a capability gap
Youre very comfortable with Kubernetes, Helm, and Terraform
Youre very comfortable with Python, Typescript, or Go
Two (2) + years of experience in Incident Response role
Youve led at least 2 high risk production security incidents
Youve handled the investigation of hundreds of client endpoint security alerts
Bonus points for significant experience in macOS
Youve developed or improved threat detection and signal triage programs
Two (2) + years of experience managing enterprise wide security projects
You have a strong opinion on what a project plan doc should look like
Youve owned and delivered the migration of a high impact security tool (EDR, SIEM, ZTNA, etc.)
This position is open to all candidates.