Detection & Incident Response
Engineers in this role design and operate detection systems that identify security threats across AI infrastructure, cloud environments, and enterprise platforms, then lead investigations when incidents occur. They combine deep technical expertise in SIEM/SOAR platforms, forensics, and threat analysis with the ability to automate response workflows and mentor teams on detection improvements. These roles typically sit within dedicated Security Operations or Detection & Response teams at AI-native companies, where they bridge the gap between passive monitoring and proactive threat hunting while scaling security capabilities alongside rapid infrastructure growth.
Skills
What companies are looking for in this role.
Designing and implementing security information and event management platforms and infrastructure
Developing detection rules, correlation logic, and alert mechanisms to identify security threats
Monitoring security alerts and events across multiple platforms and data sources
Analyzing security incidents and conducting root cause analysis
Coordinating security incident response and serving as incident commander
Conducting threat hunting and proactive threat identification activities
Managing and leading security operations center teams and analysts
Researching and tracking threat actors, campaigns, and attack techniques
Building and maintaining incident response playbooks and runbooks
Translating threat intelligence into actionable detections and defense improvements
Designing log ingestion pipelines, normalization, and enrichment processes
Building data pipelines and telemetry collection systems for security analysis
Integrating and managing multiple security tools and third-party applications
Operating endpoint detection and response systems across diverse environments
Writing production-quality code and developing security tooling
Assessing security configurations and managing security state
Managing alert fatigue and optimizing alerting systems for high-volume environments
Performing digital forensics and memory forensics investigations
Developing and deploying automation and orchestration workflows for security response
Building detection systems using artificial intelligence and machine learning techniques
Designing containment mechanisms and entity-tracking systems across heterogeneous environments
Developing and operating deception detection systems such as honeypots and canary systems
Detecting and mitigating risks from autonomous AI agents and agentic systems
Collaborating across cross-functional teams to improve security posture
Communicating complex security concepts clearly to stakeholders at all levels
Leading and managing incident response teams during crises
Driving continuous improvement and automation of security processes
Mentoring and providing technical guidance to junior security personnel
Developing team members and coaching personnel for career growth
Navigating complex organizational environments and driving strategic change
Technology
The tools and technologies that define this role.
Open Jobs
62 open Detection & Incident Response jobs across 22 companies.
Other Security roles
Identifies and mitigates security vulnerabilities in applications and products.
Secures cloud infrastructure, networks, and systems.
Generalist security engineering role spanning multiple security domains. For security engineers who work across application, infrastructure, and cloud security without a single dominant specialization. The default home for "Security Engineer" titles when the function is clearly Security.
Conducts offensive security assessments including red teaming, penetration testing, and adversarial simulation.
Designs and maintains identity infrastructure, authentication systems, and access control policies.