Energy Jobline ZR

Senior Security Engineer, Detection & Response - Bellevue in Seattle

Energy Jobline ZR, Seattle, Washington, us, 98127


Aircall is the world’s leading integrated customer communications and intelligence platform for growing businesses. Trusted by over 20,000 companies worldwide, Aircall unifies voice and digital channels into a single seamless platform, connecting sales and support teams to deliver exceptional customer experiences.

About Aircall

With a global team of 600+ employees across nine offices—including Paris, New York, San Francisco, Sydney, Madrid, London, Berlin, Seattle, and Mexico City—Aircall is transforming how businesses connect with their customers. We value customer obsession, continuous learning, and delivering extraordinary outcomes. Collaboration, ownership, and smart decision‑making at speed are essential to our culture.

Position Overview

As a Senior Security Engineer, Detection and Response, you will develop, scale, and evolve Aircall’s threat detection and response capabilities. You will take ownership of building detections from scratch, leading investigations, and driving the maturity of our detection program.

Responsibilities

Lead end‑to‑end development of detection logic: from threat modeling and hypothesis to writing, testing, tuning, and deploying detection rules and alerts across logs, telemetry, host, network, and cloud.

Build detection pipelines, orchestration, triage logic, and automation for alert handling and response, including SOAR and playbooks.

Conduct proactive threat hunts in corporate and production environments, discovering anomalies and attacker behaviors before escalation.

Lead incident response: investigate, contain, remediate, perform root cause analysis, and drive post‑incident reviews to feed lessons learned back into detection strategy.

Assess and fill visibility gaps—work with engineering teams to ensure logging, instrumentation, and context are sufficient for threat detection.

Evolve detection maturity: advance from simple signature‑based alerts to behavioral, statistical, ML‑driven, and adversary‑informed detections aligned with detection engineering maturity models.

Author and maintain detection documentation, runbooks, alert definitions, tuning guidelines, and metrics.

Collaborate cross‑functionally (Engineering, Product, Fraud, Privacy & Legal) to align detection and response work with product lifecycles and system architecture.

Participate in on‑call or threat‑response rotations, escalating and coordinating blockers during high‑severity events.

Stay current on attacker techniques (MITRE ATT&CK, red‑team reports, threat intel) and propose new detection patterns or responses.

Participate in hiring, interview evaluation of Security and Infrastructure engineering candidates, and team growth.

Minimum Qualifications

5+ years of experience in security operations, detection engineering, incident response, threat hunting, or related fields.

Deep knowledge of adversarial tactics, techniques, and procedures, including the MITRE ATT&CK framework.

Proven ability to build detections from scratch with low false‑positive rates.

Hands‑on experience with SIEM or log analytics platforms (Elasticsearch, Splunk, Datadog, AWS Athena, OpenSearch, etc.) and alerting/monitoring tooling.

Proficiency with a programming or scripting language (Python, Go, etc.) and IaC (Terraform, Ansible) to build detection pipelines, automations, and triage logic.

Experience in digital forensics, host‑based detection, endpoint telemetry, process/network visibility, and cloud observability (logs, metrics, traces).

Comfortable working in cloud‑first environments (AWS, GCP, Azure) and instrumenting detections across cloud workloads, containers, and serverless functions.

Experience responding to incidents, creating timelines, root‑cause analysis, and containment in production environments.

Familiarity with security automation/orchestration (SOAR), playbooks, and alert triage workflows.

Strong communication skills; ability to translate complex detection logic, trade‑offs, and risk to engineers and leadership.

High degree of autonomy, initiative, and ownership; ability to drive initiatives with minimal oversight.

Additional Qualifications

Experience with data analysis, anomaly detection, or relevant ML/heuristic techniques.

Experience evaluating detection efficacy (precision, recall, signal‑to‑noise) and tuning over time.

Experience evolving detection maturity models from basic rules to advanced behavioral detections.

Contributions to open‑source detection tooling.

Benefits

Competitive salary package with equity, comprehensive medical, dental, and vision insurance, unlimited paid time off, wellness, internet and childcare reimbursements, and generous parental leave policy.

DE&I Statement

Aircall is committed to equity, diversity, and inclusion. We value individuals regardless of origin, background, or orientation and strive to create a workplace where everyone feels respected, valued, and empowered to thrive.

Apply

To apply for this role, please follow the application process via our careers portal.
