Principal Software Engineer, Security, Detection & Response
Massachusetts, United States of America
Full Time
1 week ago
$266,200 - $425,900 USD
Visa Sponsor
Key skills
Cloud, Splunk, Communication
About this role
Role Overview
Building strong detection foundations and response frameworks to advance HubSpot’s security posture.
Driving the development of automated detection systems and prioritizing mitigations based on current threats and coverage gaps.
Partnering closely with engineering teams to supply data for purple team exercises and implement practical solutions that mitigate risks.
Guiding architectural decisions for our corporate security logging infrastructure and SIEM.
Contributing code to security automations, reviewing designs for detection reliability, and providing technical mentorship to engineers.
Acting as a key point of contact for threat intelligence and incident response expertise.
Supporting incident response efforts by aiding in investigations and understanding bad actor behaviors.
Requirements
10-15 years of experience in software development and information security, with a focus on detection engineering, threat intelligence, and incident response.
Proven experience in designing and implementing automated detection systems and managing large-scale security logging infrastructure (e.g., Splunk, SIEM).
Expert knowledge of endpoint and network detection (EDR/SASE), and hands-on experience with tools like CrowdStrike Falcon for investigation and response.
Deep understanding of incident response methodologies and frameworks such as NIST 800-61 and SANS, and the ability to lead high-severity CritSits.
Demonstrated experience in correlating diverse telemetry (identity, cloud, network) to detect post-entry behavior and contain threats quickly.
Experience managing and ingesting Indicators of Compromise (IOCs) and mapping actor techniques to standards like STIX/TAXII.
Excellent communication skills, with the ability to articulate complex threat landscapes to both technical and non-technical audiences.
Relevant industry certifications (e.g., GCIH, GCFA, CISSP, or vendor-specific EDR certifications).
Tech Stack
Cloud
Splunk
Benefits
Health insurance
401(k) matching
Flexible work arrangements
Paid time off
Professional development opportunities
Bonuses
Stock options
Equipment allowances
Principal Software Engineer, Security, Detection & Response at HubSpot | JobVerse