[Hiring] Detection & Response Security Engineer @WorkOS

Role Description

We are looking for a Detection & Response Security Engineer to take our D&R capabilities to the next level.

• Build out our detection engineering capability.
• Design and implement detection logic across our SIEM, EDR, cloud security tools, and identity systems.
• Own security incident response.
• Lead and support security incident investigations using data analytics, log analysis, and system forensics across corporate and production environments.
• Extend detection into the product.
• Instrument additional application-level telemetry across the WorkOS platform to detect abuse patterns, anomalous authentication activity, and threats that target our customers' identities.
• Build tooling and automation.
• Improve visibility and logging.
• Partner with our MDR provider.
• Contribute to security operations maturity.
• Participate in a shared on-call rotation for security incidents, with occasional evening or weekend availability for critical events.

Qualifications

• 5+ years of experience in security engineering, detection engineering, incident response, or a related technical security role.
• Strong engineering fundamentals; ideally a computer science or engineering degree or equivalent industry experience (software engineering, SRE, network engineering).
• Proficiency in Python, Go, or another general-purpose programming language.
• Hands-on experience with SIEM platforms (Panther, Splunk, Elastic, or similar) — writing detection rules, building log pipelines, and investigating alerts.
• Experience with EDR technologies (SentinelOne, CrowdStrike, or similar) and endpoint investigation.
• Familiarity with cloud security fundamentals (AWS IAM, networking, Kubernetes basics).
• Experience with incident response in production and/or corporate environments.
• Strong written and verbal communication skills.

Requirements

• Experience with Detection-as-Code practices (version-controlled, tested detections).
• Familiarity with SOAR platforms and security automation.
• Experience with identity/authentication systems (Okta, SAML, OIDC) — highly relevant given our product domain.
• Prior experience building a D&R function from scratch.
• Experience at a developer tools, identity/auth, or infrastructure company.

Benefits

• Competitive pay
• Substantial equity grants
• Healthcare insurance (Medical, Dental and Vision) for you and your family
• 401k matching
• Wellness and fitness monthly allowances
• PTO + paid holidays + unlimited sick leave
• Autonomy and flexibility with remote work