HubSpot is looking for a talented Principal Software Engineer to shape and deliver advanced detection engineering, threat intelligence, and incident response solutions supporting our growing platform. In this pivotal org-impacting role, you will use your extensive hands-on engineering experience to influence the technical direction of our detection and response capabilities, implement best-in-class security practices, and help attain high standards for operational excellence.
Responsibilities:
- Building strong detection foundations and response frameworks to advance HubSpot’s security posture
- Driving the development of automated detection systems and prioritizing mitigations based on current threats and coverage gaps
- Partnering closely with engineering teams to supply data for purple team exercises and implement practical solutions that mitigate risks
- Guiding architectural decisions for our corporate security logging infrastructure and SIEM
- Contributing code to security automations, reviewing designs for detection reliability, and providing technical mentorship to engineers
- Acting as a key point of contact for threat intelligence and incident response expertise
- Supporting incident response efforts by aiding in investigations, understanding bad actor behaviors, and proactively anticipating future actions
- Working closely with product managers and legal/privacy partners to ensure incident response standards like NIST and SANS are woven into our lifecycle
- Producing actionable intelligence by filtering and correlating data from indicators of compromise (IOCs) using platforms like Splunk and CrowdStrike
Requirements:
- 10-15 years of experience in software development and information security, with a focus on detection engineering, threat intelligence, and incident response
- Proven experience in designing and implementing automated detection systems and managing large-scale security logging infrastructure (e.g., Splunk, SIEM)
- Expert knowledge of endpoint and network detection (EDR/SASE), and hands-on experience with tools like CrowdStrike Falcon for investigation and response
- Deep understanding of incident response methodologies and frameworks such as NIST 800-61 and SANS, and the ability to lead high-severity CritSits
- Demonstrated experience in correlating diverse telemetry (identity, cloud, network) to detect post-entry behavior and contain threats quickly
- Experience managing and ingesting Indicators of Compromise (IOCs) and mapping actor techniques to standards like STIX/TAXII
- Excellent communication skills, with the ability to articulate complex threat landscapes to both technical and non-technical audiences
- Relevant industry certifications (e.g., GCIH, GCFA, CISSP, or vendor-specific EDR certifications)