Benchling is the AI platform for biotech R&D, and they are seeking a Detection and Response Engineer to build a best-in-class security program. The role involves investigating security events, developing threat detections, and coordinating incident responses while emphasizing automation and security maturity.
Responsibilities:
- Investigating security events across the organization using your experience and knowledge in multiple security domains (log analysis, digital forensics, or malware analysis)
- Creating, deploying and maintaining high-signal threat detections based on your understanding of threat actor TTPs
- Architecting a highly scalable incident response process by developing, applying and refining automation for steps of the Incident Response life cycle
- Coordinating multi-functional incident response during security incidents, assisting partner teams during non-security incidents
- Researching new detection mechanisms for attack vectors and techniques relevant to our space and presenting findings to both internal and external audiences
- Evaluating external tooling, developing new automation and tooling
- Helping to rapidly scale our team. As a member of the security team, you'll be an integral part of how we mature our own tooling, best practices, engineering processes, and hiring
Requirements:
- 5+ years of experience in Detection and Response (Detection Engineering, Digital Forensics, Incident Response, and/or Threat Intelligence)
- Strong communicator with both words and data - you have experience communicating to a wide variety of stakeholders under varying conditions
- Experience as an incident responder responsible for leading multi-team incidents
- Technical innovation skills (you enjoy finding technical solutions, learning new technology, evangelizing security and privacy)
- Ability to move forward major projects in ambiguous situations through influence and not authority
- Practical experience with attacker tactics, techniques, and procedures
- Comfortable with complexity in the short term but can build towards simplicity in the long term
- Experience with cloud environments and automation
- Relevant development experience in at least one scripting language, preferably Python