Senior Security Engineer, Detection and Response
Location: Remote (Austin, TX hub preferred)
HackerOne is the global leader in Continuous Threat Exposure Management (CTEM). We unite cutting-edge agentic AI solutions with the unmatched ingenuity of the world’s largest community of security researchers. Our mission: to continuously discover, validate, prioritize, and remediate exposures across code, cloud, and AI systems.
From bug bounties and vulnerability disclosure to agentic pentesting and AI red teaming, HackerOne delivers measurable, continuous reduction of cyber risk for the world's leading enterprises. Industry giants like Anthropic, Crypto.com, General Motors, Goldman Sachs, Lufthansa, Uber, the UK Ministry of Defence, and the U.S. Department of Defense trust us to safeguard their digital ecosystems.
Recognized by Gartner for leadership in AI Security Testing and named a Most Loved Workplace for Young Professionals (2024), HackerOne is at a pivotal inflection point. Offensive security is no longer optional—it's the gold standard for organizations building trust and resilience in a world where AI-driven innovation and adversaries accelerate at unprecedented speeds. We stand apart by combining the power of the largest security research community with a best-in-class, AI-powered platform.
Our Values Drive Us: Customer Obsessed: Prioritizing customer outcomes in every decision and action. The Opportunity: Senior Security Engineer, Detection and Response This is a hands-on role where you will write code, build sophisticated AI-powered tooling, and automate workflows end-to-end across the full detection lifecycle. From identifying observability gaps to shipping high-signal detections and leading incident response when it matters most, you'll embed automation, intelligence, and AI to scale our small team's impact and continuously improve our defensive posture. We embrace a Flexible Work approach. This is a remote role, ideally suited for candidates within ~50 miles of Austin, Texas. This balance allows for occasional in-person collaboration, connection, and moments that enrich our culture, while preserving the benefits of remote work. What You Will Do: Engineer Detection-as-Code: Design, build, and maintain robust detection-as-code capabilities across cloud infrastructure (AWS), SaaS applications, endpoints, and identity systems. Improve coverage and signal quality through Data-Driven Decision Making. Minimum Qualifications: 5+ years of experience in detection and response, security engineering, or software engineering with a security focus. Preferred Qualifications: Experience building AI/LLM-powered security tooling or applying AI to detection, triage, or investigation workflows. Benefits That Empower You: Comprehensive Health (medical, vision, dental), life, and disability insurance* *Eligibility may differ by country. For certain roles outside the United States, India, the U.K., and the Netherlands, we partner with Remote.com as our Employer of Record (EOR). Important Considerations: Visa/work permit sponsorship is not available for this role. Our Commitment to Diversity & Inclusion:
Default to Disclosure: Operating with transparency and integrity, fostering trust and accountability.
Win Together: Empowering employees, researchers, customers, and partners through inclusion, respect, and shared accountability.
Are you ready to redefine Detection & Response? At HackerOne, we're not just triaging alerts; we're rebuilding our D&R function with an AI-first, engineering-centric approach. As a Senior Security Engineer, you will be instrumental in designing and delivering advanced detection and response capabilities that safeguard our modern, cloud-native environment.
As a Senior Security Engineer, your contributions will align with our values and define how we secure HackerOne:
Automate Response: Develop and implement automated investigation and response workflows that replace manual runbooks, leveraging AI First principles to scale triage, enrichment, containment, and remediation efforts.
Build AI-Powered Tools: Design and deploy AI/LLM-powered tooling to accelerate investigations, reduce alert fatigue, and extend team capacity beyond traditional headcount constraints, embedding AI First practices into daily workflows.
Lead Incident Response: Lead and actively participate in all phases of incident response, including detection, investigation, containment, and retrospectives. Apply First Principles Problem Solving to identify root causes and enhance long-term resilience.
Collaborate for Security: Partner cross-functionally with engineering and platform teams to expand logging, improve observability, and embed detection capabilities directly into the development lifecycle.
Continuous Improvement: Continuously enhance detection quality by rigorously analyzing alert performance, tuning for signal, and building proactive feedback loops between incidents and detections, driven by Data-Driven Decision Making.
Proactive Problem Solving: Proactively identify gaps in visibility or coverage and translate ambiguous problem spaces into concrete, actionable detection and response solutions through First Principles Problem Solving.
Adapt and Innovate: Adapt quickly to evolving threats, tools, and priorities, ensuring the team maintains momentum and effectiveness through strong Change Agility.
Strong software engineering fundamentals with proficiency in Python, Go, Ruby, or similar languages, and experience working in production codebases.
Hands-on experience with cloud environments (AWS preferred), including services such as CloudTrail, GuardDuty, and VPC flow logs.
Experience with log aggregation and analysis platforms (e.g., Datadog, Splunk, ELK) and endpoint detection tools (e.g., SentinelOne, CrowdStrike).
Experience with detection-as-code frameworks or building custom detection pipelines.
Familiarity with containerized environments (Docker, Kubernetes, ECS/EKS).
Experience with threat intelligence, threat hunting, forensics, or attacker tradecraft frameworks such as MITRE ATT&CK.
Equity stock options
Retirement plans
Paid public holidays and unlimited PTO
Paid maternity and parental leave
Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)
Employee Assistance Program
Employment at HackerOne is contingent on a background check.
HackerOne is an Equal Opportunity Employer. We are committed to building a global team and providing a workplace free from discrimination and harassment. We make hiring decisions based solely on qualifications, merit, and business needs, regardless of race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws. This policy applies to all employment practices.
For US-based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.