Key skills
DetectionResponseSecurity EngineeringSoftware EngineeringPythonGoRubyCloud EnvironmentsAWSCloudTrailGuardDutyVPC Flow LogsLog AggregationAnalysisDatadogSplunkELKEndpoint Detection ToolsSentinelOneCrowdStrikeData-Driven Decision MakingFirst Principles Problem SolvingChange AgilityAILLMKubernetesDockerECSEKSSaaSDecision MakingProblem Solving
About this role
HackerOne is a global leader in Continuous Threat Exposure Management (CTEM) and is seeking a Senior Security Engineer to enhance their Detection & Response function with an AI-first approach. This role involves designing and delivering detection and response capabilities to protect a cloud-native environment, focusing on automation and incident response.
Responsibilities:
- Design, build, and maintain detection-as-code capabilities across cloud infrastructure, SaaS applications, endpoints, and identity systems, improving coverage and signal quality through Data-Driven Decision Making
- Build automated investigation and response workflows that replace manual runbooks, leveraging AI First principles to scale triage, enrichment, containment, and remediation
- Develop and deploy AI/LLM-powered tooling to accelerate investigations, reduce alert fatigue, and extend team capacity beyond traditional headcount constraints, embedding AI First practices into daily workflows
- Lead and participate in incident response, including detection, investigation, containment, and retrospectives, applying First Principles Problem Solving to identify root causes and improve long-term resilience
- Partner cross-functionally with engineering and platform teams to expand logging, improve observability, and embed detection capabilities into the development lifecycle
- Continuously improve detection quality by analyzing alert performance, tuning for signal, and building feedback loops between incidents and detections using Data-Driven Decision Making
- Proactively identify gaps in visibility or coverage and translate ambiguous problem spaces into concrete detection and response solutions through First Principles Problem Solving
- Adapt quickly to evolving threats, tools, and priorities, helping the team maintain momentum and effectiveness through Change Agility
Requirements:
- 5+ years of experience in detection and response, security engineering, or software engineering with a security focus
- Strong software engineering fundamentals with proficiency in Python, Go, Ruby, or similar languages, and experience working in production codebases
- Hands-on experience with cloud environments (AWS preferred), including services such as CloudTrail, GuardDuty, and VPC flow logs
- Experience with log aggregation and analysis platforms (e.g., Datadog, Splunk, ELK) and endpoint detection tools (e.g., SentinelOne, CrowdStrike)
- Experience building AI/LLM-powered security tooling or applying AI to detection, triage, or investigation workflows
- Experience with detection-as-code frameworks or building custom detection pipelines
- Familiarity with containerized environments (Docker, Kubernetes, ECS/EKS)
- Experience with threat intelligence, threat hunting, forensics, or attacker tradecraft frameworks such as MITRE ATT&CK