Nerdy
Overview
Remote - San Jose You are an AI-powered Security Engineer responsible for identifying and responding to malicious or suspicious activity across our environment with speed and confidence. This role leads the engineering work behind these capabilities—designing scalable systems to detect threats and trigger automated responses. You will integrate AI into detection and response workflows to accelerate rule development, streamline enrichment, and reduce investigation time, with human validation ensuring precision and alignment. As a cloud-first SaaS company relying on a broad portfolio of SaaS tools, we generate large volumes of event data across identity, endpoint, infrastructure, and collaboration systems. The scale and complexity of this telemetry demand improved detection engineering and automation. This is a platform engineering role focused on building and operating a modern detection pipeline integrated with security automation workflows. You will use Python, structured data, and widely adopted frameworks for mapping adversary behaviors and response logic to drive faster, more effective security outcomes. This role is not a support or triage position but a strategic contributor to our security infrastructure. About Nerdy
At Nerdy (NYSE: NRDY) - the company behind Varsity Tutors - we’re redrawing the blueprint of learning. Our Live + AI platform fuses real-time human expertise with proprietary generative-AI systems, setting a new bar for measurable academic impact at global scale. We recruit technologists and operators who ship code, iterate quickly, and compound their advantage with every data point. Fortune favors the bold. Join us. How we compete
AI-Native at every level
From the CEO to day-one hires, everyone builds and ships with generative AI. If you’re not wielding AI, you’re not done. Entrepreneurial velocity
Move at founder speed, prototype in hours, and measure in real user outcomes. Slow teams die. Free-market rigor
Ideas rise or fall on merit and results - no committees, no politics, no cap on upside. Full-stack ownership
You design, build, and run what you ship; accountability is a feature, not a bug. Reward for contribution
Pay rises with impact, not years. Outstanding results earn outsized rewards. We evaluate both what you achieve and how you achieve it: living our leadership principles and using AI effectively are formally measured and rewarded. Relentless exploration
Push the frontier of generative AI in live learning and questioning legacy assumptions. Is Apolitical
You stay focused on mission-aligned outcomes, not distractions or unrelated causes. If you’re a technically minded builder who thrives on open competition, personal responsibility, and the chance to redefine how the world learns, come do the most ambitious and rewarding work of your career here. Learn more at nerdy.com. Nerdy’s shareholder letters explain our latest products and strategy. Qualifications
5+ years in security engineering, detection engineering, or threat-focused automation roles. Strong knowledge of MITRE ATT&CK framework, detection logic, and IOC/IOA patterns. Familiarity with MITRE D3FEND for defense-in-depth and response playbook design. Strong Python scripting skills for integrations, enrichment logic, and playbook development. Experience working with structured data formats such as JSON, YAML, logs, and metrics. Familiarity with SaaS logging constraints and cloud-native telemetry, preferably AWS. Understanding of event-driven architecture and API-driven integrations. Demonstrated ability to use AI tools to accelerate scripting, generate or translate detection rules, or assist with enrichment workflows, always with human validation for accuracy. Comfortable working autonomously and cross-functionally to deliver reliable detection outcomes. Preferred: Experience building or maintaining detection pipelines using Elastic, Panther, or similar platforms. Experience with detection-as-code practices, managing detection logic as version-controlled code with testing and CI/CD. Experience writing detection rules in formats such as Sigma, including contributing to open-source or internal detection libraries. Experience with MITRE frameworks: ATT&CK, D3FEND, and ATLAS. Experience with OWASP guidance on application telemetry and detection (e.g., AppSensor, Logging Cheat Sheet). Responsibilities
Implement and operate detection systems, including a scalable cloud-native SIEM platform supporting ingestion from identity, endpoint, SaaS, and infrastructure sources. Develop and maintain detection coverage maps aligned to MITRE ATT&CK techniques, threat modeling, and incident history. Leverage AI to accelerate detection rule creation, enrichment, and triage insights, and conduct AI-assisted threat hunting to surface novel behaviors and codify them as deterministic detections. Build detection observability tools and dashboards to monitor rule effectiveness, alert volumes, and system performance. Design and implement SOAR workflows and automated response playbooks with built-in observability, rollback, and reliability controls. Leverage AI within SOAR for adaptive enrichment, workflow generation, and documentation, while continuously tuning automation based on incident outcomes. Lead incident response activities as part of the incident commander rotation, and drive continuous improvement of runbooks and playbooks using lessons learned and AI support for timelines and summaries. Collaborate cross-functionally with engineering and business stakeholders to embed detection and response into system design, operational processes, and organizational priorities. Benefits and culture
Competitive USD Compensation and 100% Remote options; flexible time off; local holiday pay; continuous learning memberships; AI tools access; and collaborative, feedback-rich culture. Apply
Interested in building your career at Nerdy? Fill out the application form below.
#J-18808-Ljbffr
Remote - San Jose You are an AI-powered Security Engineer responsible for identifying and responding to malicious or suspicious activity across our environment with speed and confidence. This role leads the engineering work behind these capabilities—designing scalable systems to detect threats and trigger automated responses. You will integrate AI into detection and response workflows to accelerate rule development, streamline enrichment, and reduce investigation time, with human validation ensuring precision and alignment. As a cloud-first SaaS company relying on a broad portfolio of SaaS tools, we generate large volumes of event data across identity, endpoint, infrastructure, and collaboration systems. The scale and complexity of this telemetry demand improved detection engineering and automation. This is a platform engineering role focused on building and operating a modern detection pipeline integrated with security automation workflows. You will use Python, structured data, and widely adopted frameworks for mapping adversary behaviors and response logic to drive faster, more effective security outcomes. This role is not a support or triage position but a strategic contributor to our security infrastructure. About Nerdy
At Nerdy (NYSE: NRDY) - the company behind Varsity Tutors - we’re redrawing the blueprint of learning. Our Live + AI platform fuses real-time human expertise with proprietary generative-AI systems, setting a new bar for measurable academic impact at global scale. We recruit technologists and operators who ship code, iterate quickly, and compound their advantage with every data point. Fortune favors the bold. Join us. How we compete
AI-Native at every level
From the CEO to day-one hires, everyone builds and ships with generative AI. If you’re not wielding AI, you’re not done. Entrepreneurial velocity
Move at founder speed, prototype in hours, and measure in real user outcomes. Slow teams die. Free-market rigor
Ideas rise or fall on merit and results - no committees, no politics, no cap on upside. Full-stack ownership
You design, build, and run what you ship; accountability is a feature, not a bug. Reward for contribution
Pay rises with impact, not years. Outstanding results earn outsized rewards. We evaluate both what you achieve and how you achieve it: living our leadership principles and using AI effectively are formally measured and rewarded. Relentless exploration
Push the frontier of generative AI in live learning and questioning legacy assumptions. Is Apolitical
You stay focused on mission-aligned outcomes, not distractions or unrelated causes. If you’re a technically minded builder who thrives on open competition, personal responsibility, and the chance to redefine how the world learns, come do the most ambitious and rewarding work of your career here. Learn more at nerdy.com. Nerdy’s shareholder letters explain our latest products and strategy. Qualifications
5+ years in security engineering, detection engineering, or threat-focused automation roles. Strong knowledge of MITRE ATT&CK framework, detection logic, and IOC/IOA patterns. Familiarity with MITRE D3FEND for defense-in-depth and response playbook design. Strong Python scripting skills for integrations, enrichment logic, and playbook development. Experience working with structured data formats such as JSON, YAML, logs, and metrics. Familiarity with SaaS logging constraints and cloud-native telemetry, preferably AWS. Understanding of event-driven architecture and API-driven integrations. Demonstrated ability to use AI tools to accelerate scripting, generate or translate detection rules, or assist with enrichment workflows, always with human validation for accuracy. Comfortable working autonomously and cross-functionally to deliver reliable detection outcomes. Preferred: Experience building or maintaining detection pipelines using Elastic, Panther, or similar platforms. Experience with detection-as-code practices, managing detection logic as version-controlled code with testing and CI/CD. Experience writing detection rules in formats such as Sigma, including contributing to open-source or internal detection libraries. Experience with MITRE frameworks: ATT&CK, D3FEND, and ATLAS. Experience with OWASP guidance on application telemetry and detection (e.g., AppSensor, Logging Cheat Sheet). Responsibilities
Implement and operate detection systems, including a scalable cloud-native SIEM platform supporting ingestion from identity, endpoint, SaaS, and infrastructure sources. Develop and maintain detection coverage maps aligned to MITRE ATT&CK techniques, threat modeling, and incident history. Leverage AI to accelerate detection rule creation, enrichment, and triage insights, and conduct AI-assisted threat hunting to surface novel behaviors and codify them as deterministic detections. Build detection observability tools and dashboards to monitor rule effectiveness, alert volumes, and system performance. Design and implement SOAR workflows and automated response playbooks with built-in observability, rollback, and reliability controls. Leverage AI within SOAR for adaptive enrichment, workflow generation, and documentation, while continuously tuning automation based on incident outcomes. Lead incident response activities as part of the incident commander rotation, and drive continuous improvement of runbooks and playbooks using lessons learned and AI support for timelines and summaries. Collaborate cross-functionally with engineering and business stakeholders to embed detection and response into system design, operational processes, and organizational priorities. Benefits and culture
Competitive USD Compensation and 100% Remote options; flexible time off; local holiday pay; continuous learning memberships; AI tools access; and collaborative, feedback-rich culture. Apply
Interested in building your career at Nerdy? Fill out the application form below.
#J-18808-Ljbffr