Senior Detection and Response Engineer

Location: Remote within USA

AlphaSense's DxR team is looking for a Detection & Response Engineer who thrives at the intersection of threat detection, security automation, and incident response. You'll build and tune detections in SIEM, respond to real incidents, and serve as a Tier 3 escalation resource for our 24/7 SOC. This is a hands-on role — you'll own your detections end-to-end and be the last line of defense before executive escalation.

You'll be joining a fast-paced security organization that emphasizes automation, engineering-driven approaches, and systematic problem-solving. Our team operates at the intersection of security operations, detection engineering, incident response, and infrastructure security. We value practical solutions, measurable outcomes, and continuous improvement.

• Author, tune, and maintain detection rules in SIEM across cloud, identity, and endpoint log sources
• Convert and adapt SIGMA/YARA-L rules and threat intelligence into SIEM detections
• Continuously reduce false positives and improve detection fidelity.
• Map detections to MITRE ATT&CK and track coverage across the kill chain

• Develop complex automated response playbooks for multi-stage incidents spanning multiple security tools
• Integrate security tools via APIs (SIEM, EDR, MDM, CASB, ITSM, threat intelligence platforms)
• Handle Incident Response processes and procedures as needed

• Act as the senior escalation point for complex, ambiguous, or high-severity incidents 
• Lead technical investigation for P1/P2 incidents — scoping, containment, eradication, and recovery
• Coordinate with IT, Engineering, Legal, and CISO during major security events
• Drive tabletop exercises and IR simulations to test and improve team readiness

• Proactively hunt for threats across the environment using SIEM, CrowdStrike, and BigQuery
• Consume and operationalize threat intelligence feeds into new or updated detections
• Track emerging TTPs relevant to SaaS, fintech, and AI-adjacent threat actors

• 7+ years in security engineering, detection engineering, or IR / SOC (Tier 2 or above)
• Hands-on experience with a SIEM and SOAR solution
• Strong understanding of MITRE ATT&CK and how to apply it to detection and response
• Strong experience investigating incidents in cloud environments (AWS, GCP, or Azure) and solid grasp of Cloud, identity and Endpoint security threats.
• Comfortable writing detection logic, scripts, or automation (Python, YARA-L, SIGMA, or similar)
• Experience with purple team activities, adversary emulation, or red teaming.
• Clear written and verbal communication — you can brief a CISO and a junior analyst on the same incident.

• Experience implementing and migrating SIEM solution
• Familiarity with SOAR platforms — BlinkOps, Tines, Splunk SOAR, or similar
• Security certifications: GCIH, GCIA, GCFE, CySA+, or equivalent
• Experience with CI/CD practices for detection-as-code and automation-as-code.

• High-Impact Leadership Role: Own critical security capabilities (detection, automation, hunting) with direct organizational impact
• Greenfield Opportunities: Architect and build SOAR platform from the ground up and lead major SIEM migration efforts
• Technical Depth: Solve complex problems at scale with Modern security stack
• Scale & Complexity: Protect a critical platform serving enterprise customers with sophisticated threats
• Autonomy & Influence: Shape security architecture decisions, tool evaluations, and team direction
• Growing Team: Join a growing team with clear structure, specialized roles, and growth trajectory
• Balance & Variety: Split time between strategic architecture (detection, SOAR) and hands-on execution (hunting, investigation)
• Innovation Culture: Implement detection-as-code, automation-as-code, and data-driven security practices