Key skills
Detection and ResponseSecurity Tooling DevelopmentPython ProgrammingCloud Security MonitoringIncident Response AutomationAttacker TTPs KnowledgeMalware AnalysisThreat Hunting MethodologiesKubernetesServerless TechnologiesDistributed Systems ObservabilityLog Analysis at ScalePythonServerlessCloud FunctionsCloudflareCommunicationCloud Security
About this role
Discord is a platform used by over 200 million people for gaming and communication. They are seeking a Senior Detection and Response Engineer to build scalable detection systems, automate response workflows, and lead incident response efforts to enhance security and privacy on their platform.
Responsibilities:
- Build detection systems at scale. Design and implement detections across cloud infrastructure, applications, and enterprise systems using large-scale log analysis and behavioral signals
- Engineer response automation. Develop tooling and workflows that reduce mean time to detection and response - turning manual playbooks into code
- Lead incident response. Serve as a subject matter expert during security incidents, driving investigations from initial triage through root cause analysis and remediation
- Architect observability. Partner with internal teams to identify new telemetry sources, improve log coverage, and ensure we have visibility where it matters
- Hunt proactively. Use threat intelligence and behavioral analysis to find malicious activity before alerts fire - then turn those hunts into production detections
- Ship production code. Contribute to a fast-moving codebase, deploying detection logic and automation tooling to production environments
- Mentor and elevate. Partner with our embedded response team - coaching on investigative techniques, detection engineering principles, and incident handling. Help build a culture of continuous learning and technical excellence
Requirements:
- 3+ years in Detection and Response as a senior IC, with demonstrated experience building (not just operating) security tooling
- 3+ years programming in Python or similar - you'll write production code, not just scripts
- Strong experience with cloud security monitoring and investigations
- Experience in building detections from large datasets and automating incident response processes
- Deep knowledge of attacker TTPs, malware analysis, and threat hunting methodologies
- Experience with container orchestration (Kubernetes) and/or serverless technologies (Cloud Functions, Workers)
- Familiarity with distributed systems observability and log analysis at scale
- Hands-on experience with Panther SIEM
- Background in BeyondCorp / Zero-trust environments
- Experience with Cloudflare security tooling
- Contributions to open-source security projects