Senior Security Engineer, Detection and Response

5+ years of experience in security technical engineering roles, with 3+ years focused on security operations, detection engineering or incident response. Hands-on experience with detection engineering and automation, including SIEMs, SOAR platforms, behavior analytics, and Detection-as-Code workflows. Strong understanding of modern attacker techniques and how they apply to cloud-native, SaaS, and identity-centric environments. Experience with endpoint, runtime, and forensic tools across multiple operating systems. Knowledge of cloud environments (e.g., AWS, GCP) and security best practices for cloud-native systems. Proficiency with scripting and infrastructure tools (e.g., Python, Bash, Terraform, CI/CD pipelines) to support automation and internal tooling. Strong written and verbal communication skills, with the ability to explain complex security issues to both technical and non-technical audiences.

Design, build, and continuously improve threat detections across 1Password’s infrastructure, products, internal tools, and corporate environments. Lead and support security incident response activities, including investigation, containment, remediation, and post-incident learning. Apply threat intelligence and knowledge of attacker TTPs to detection development, threat hunting, alert triage, and response prioritization. Collaborate with Security, Infrastructure, and IT teams to improve security visibility, logging quality, and response readiness. Use automation, scripting, and Detection-as-Code practices to scale detection and response workflows and improve reliability. Own end-to-end security projects aligned with Detection & Response initiatives and broader security strategy. Participate in a shared on-call rotation and support high-severity incidents as needed. Contribute to operational maturity through playbooks, mentoring, tabletop exercises, audits, and cross-functional initiatives.