Key skills
Security EngineeringDetection EngineeringIncident ResponsePythonGoProgramming LanguageSIEM PlatformsDetection RulesLog PipelinesEDR TechnologiesEndpoint InvestigationCloud Security FundamentalsAWS IAMNetworkingKubernetesDetection-as-CodeSOAR PlatformsSecurity AutomationIdentity SystemsAuthentication SystemsAutonomyRAnalyticsAWSIAMOktaSAMLSplunkCommunicationCloud Security
About this role
WorkOS builds modern developer tools and APIs that make it easy for companies to become Enterprise Ready. They are seeking a Detection & Response Security Engineer to enhance their detection capabilities, lead incident response, and build systems that improve security operations across their infrastructure and product platform.
Responsibilities:
- Build out our detection engineering capability. Design and implement detection logic across our SIEM, EDR, cloud security tools and identity systems. We want you to write detections as code — durable, tested, and version-controlled
- Own security incident response. Lead and support security incident investigations using data analytics, log analysis, and system forensics across corporate and production environments. Build playbooks and runbooks for repeatable response
- Extend detection into the product. Instrument additional application-level telemetry across the WorkOS platform to detect abuse patterns, anomalous authentication activity, and threats that target our customers' identities
- Build tooling and automation. Develop scripts, integrations, and SOAR workflows to automate detection, enrichment, and response activities. We value engineering solutions over manual processes
- Improve visibility and logging. Work with engineering and infrastructure teams to ensure the right logs are collected, normalized, and available. Identify gaps in monitoring coverage and close them
- Partner with our MDR provider. Collaborate to validate detections, tune rules, and coordinate on incidents. Grow our internal capability over time while maintaining the partnership
- Contribute to security operations maturity. Help build on-call rotation practices, tabletop exercises, post-incident reviews, and operational metrics for the security team
- Participate in a shared on-call rotation for security incidents, with occasional evening or weekend availability for critical events
Requirements:
- 5+ years of experience in security engineering, detection engineering, incident response, or a related technical security role
- Strong engineering fundamentals; ideally a computer science or engineering degree or equivalent industry experience (software engineering, SRE, network engineering)
- Proficiency in Python, Go, or another general-purpose programming language
- Hands-on experience with SIEM platforms (Panther, Splunk, Elastic, or similar) — writing detection rules, building log pipelines, and investigating alerts
- Experience with EDR technologies (SentinelOne, CrowdStrike, or similar) and endpoint investigation
- Familiarity with cloud security fundamentals (AWS IAM, networking, Kubernetes basics)
- Experience with incident response in production and/or corporate environments
- Strong written and verbal communication skills
- Experience with Detection-as-Code practices (version-controlled, tested detections)
- Familiarity with SOAR platforms and security automation
- Experience with identity/authentication systems (Okta, SAML, OIDC) — highly relevant given our product domain
- Prior experience building a D&R function from scratch
- Experience at a developer tools, identity/auth, or infrastructure company