Aircall
Senior Security Engineer, Detection & Response - Bellevue
Aircall, Seattle, Washington, us, 98127
Senior Security Engineer, Detection & Response - Bellevue
As a Senior Security Engineer, Detection and Response you will contribute to develop, scale, and evolve Aircall’s threat detection and response capabilities. Take ownership of building detections from scratch, leading investigations, and driving the maturity of our detection program. Responsibilities Lead end-to-end development of detection logic: from threat modeling and hypothesis to writing, testing, tuning, and deploying detection rules and alerts (across logs, telemetry, host, network, cloud). Build detection pipelines, orchestration, triage logic, and automation for alert handling and response (e.g. SOAR, playbooks). Conduct threat hunts proactively in corporate and production environments, discovering anomalies and attacker behaviors before they escalate. Lead incident response: investigate, contain, remediate, and perform root cause analysis. Drive post-incident reviews and feed lessons learned back into detection strategy. Assess and fill gaps in visibility—work with engineering teams to ensure logging, instrumentation, and context are sufficient to detect relevant threats. Evolve detection maturity: turn simple signature-based alerts into more advanced behavioral, statistical, ML-driven, and adversary-informed detections, in line with detection engineering maturity models. Author and maintain detection documentation, runbooks, alert definitions, tuning guidelines, and metrics. Collaborate cross-functionally (Engineering, Product, Fraud, Privacy and Legal) to align detection and response work with product lifecycles and system architecture. Be part of on-call rotations or threat-response rotations; escalate, coordinate, and remove blockers during high-severity events. Stay up to date on attacker techniques (MITRE ATT&CK, red team reports, threat intel) and propose new detection patterns or responses accordingly. Participate in hiring, interview evaluation of Security and Infrastructure engineering candidates, and team growth. Minimum Qualifications 5+ years of hands-on experience in security operations, detection engineering, incident response, threat hunting, or similar fields (or equivalent combination). Deep knowledge of adversarial tactics, techniques, and procedures (TTPs), threat actor behavior, kill-chain or MITRE ATT&CK framework. Proven experience building detections from scratch (versus just tuning commercial alerts)—i.e. you can turn a hypothesis or a threat intel indicator into a production-quality detection with low false positive rate. Hands-on experience with SIEM or log analytics platforms (e.g. Elasticsearch, Splunk, Datadog, AWS Athena, OpenSearch or equivalent), and alerting/monitoring tooling. Proficiency with a programming or scripting language (e.g. Python, Go, or similar along with IaC - Terraform, Ansible) to build detection pipelines, automations, triage logic, or tooling Experience in digital forensics, host-based detection, endpoint telemetry, process/network visibility, cloud observability (logs, metrics, traces). Comfortable working in cloud-first environments (AWS, GCP, Azure) and instrumenting detection across cloud workloads, containers, serverless, etc. Experience responding to incidents (investigating logs, creating timelines, root cause, containment) in production environments. Familiarity with security automation / orchestration (SOAR), playbooks, response automation, and alert triage workflows. Strong communication skills; ability to translate complex detection logic, trade-offs and risk to engineers and leadership. High degree of autonomy, initiative, and ownership; ability to drive entire initiatives with minimal oversight. Preferred Qualifications Experience with data analysis, statistics, anomaly detection, or relevant ML/heuristic techniques is a strong plus. Experience evaluating detection efficacy (precision, recall, signal-to-noise, tuning over time) Experience evolving detection maturity models (from basic rules to advanced behavioral detections) Open source detection tooling contributions $165,000 - $210,000 a year. This is not including equity and other benefits. The actual salary offered will carefully consider a wide range of factors, including your skills, qualifications, and experience. DE&I Statement: At Aircall, we believe diversity, equity and inclusion – irrespective of origins, identity, background and orientations – are core to our journey. We are committed to fostering inclusion and providing equal opportunities to develop and thrive. Aircall is an Equal Opportunity Employer. Employment is contingent upon successful completion of a background check where permitted by law.
#J-18808-Ljbffr
As a Senior Security Engineer, Detection and Response you will contribute to develop, scale, and evolve Aircall’s threat detection and response capabilities. Take ownership of building detections from scratch, leading investigations, and driving the maturity of our detection program. Responsibilities Lead end-to-end development of detection logic: from threat modeling and hypothesis to writing, testing, tuning, and deploying detection rules and alerts (across logs, telemetry, host, network, cloud). Build detection pipelines, orchestration, triage logic, and automation for alert handling and response (e.g. SOAR, playbooks). Conduct threat hunts proactively in corporate and production environments, discovering anomalies and attacker behaviors before they escalate. Lead incident response: investigate, contain, remediate, and perform root cause analysis. Drive post-incident reviews and feed lessons learned back into detection strategy. Assess and fill gaps in visibility—work with engineering teams to ensure logging, instrumentation, and context are sufficient to detect relevant threats. Evolve detection maturity: turn simple signature-based alerts into more advanced behavioral, statistical, ML-driven, and adversary-informed detections, in line with detection engineering maturity models. Author and maintain detection documentation, runbooks, alert definitions, tuning guidelines, and metrics. Collaborate cross-functionally (Engineering, Product, Fraud, Privacy and Legal) to align detection and response work with product lifecycles and system architecture. Be part of on-call rotations or threat-response rotations; escalate, coordinate, and remove blockers during high-severity events. Stay up to date on attacker techniques (MITRE ATT&CK, red team reports, threat intel) and propose new detection patterns or responses accordingly. Participate in hiring, interview evaluation of Security and Infrastructure engineering candidates, and team growth. Minimum Qualifications 5+ years of hands-on experience in security operations, detection engineering, incident response, threat hunting, or similar fields (or equivalent combination). Deep knowledge of adversarial tactics, techniques, and procedures (TTPs), threat actor behavior, kill-chain or MITRE ATT&CK framework. Proven experience building detections from scratch (versus just tuning commercial alerts)—i.e. you can turn a hypothesis or a threat intel indicator into a production-quality detection with low false positive rate. Hands-on experience with SIEM or log analytics platforms (e.g. Elasticsearch, Splunk, Datadog, AWS Athena, OpenSearch or equivalent), and alerting/monitoring tooling. Proficiency with a programming or scripting language (e.g. Python, Go, or similar along with IaC - Terraform, Ansible) to build detection pipelines, automations, triage logic, or tooling Experience in digital forensics, host-based detection, endpoint telemetry, process/network visibility, cloud observability (logs, metrics, traces). Comfortable working in cloud-first environments (AWS, GCP, Azure) and instrumenting detection across cloud workloads, containers, serverless, etc. Experience responding to incidents (investigating logs, creating timelines, root cause, containment) in production environments. Familiarity with security automation / orchestration (SOAR), playbooks, response automation, and alert triage workflows. Strong communication skills; ability to translate complex detection logic, trade-offs and risk to engineers and leadership. High degree of autonomy, initiative, and ownership; ability to drive entire initiatives with minimal oversight. Preferred Qualifications Experience with data analysis, statistics, anomaly detection, or relevant ML/heuristic techniques is a strong plus. Experience evaluating detection efficacy (precision, recall, signal-to-noise, tuning over time) Experience evolving detection maturity models (from basic rules to advanced behavioral detections) Open source detection tooling contributions $165,000 - $210,000 a year. This is not including equity and other benefits. The actual salary offered will carefully consider a wide range of factors, including your skills, qualifications, and experience. DE&I Statement: At Aircall, we believe diversity, equity and inclusion – irrespective of origins, identity, background and orientations – are core to our journey. We are committed to fostering inclusion and providing equal opportunities to develop and thrive. Aircall is an Equal Opportunity Employer. Employment is contingent upon successful completion of a background check where permitted by law.
#J-18808-Ljbffr