Sr Detection & Response Engineer

The Senior Detection & Response Engineer is a hands-on technical role within MX’s Detection and Response team, focused on enhancing threat detection, incident response, and security operations efficiency. This position plays a critical part in unifying vulnerability management processes, optimizing the Devo SIEM platform to maximize business value, and performing analyst duties to triage inbound alerts, identify high-priority threats, and collaborate on building enrichments and automations.

Reporting directly to the Director of Security Architecture and Engineering, the Senior Detection & Response Engineer works cross-functionally with Security Operations, Incident Response, Vulnerability Management, and Engineering teams to mature detection capabilities, automate workflows, and ensure rapid, effective response to threats. This role emphasizes proactive threat hunting, rule development, and operational improvements to align with compliance requirements and organizational risk priorities.

Responsibilities

Threat Detection & Alert Triage

• Analyze inbound alerts from various sources, including the Devo SIEM, to identify and prioritize high-severity threats based on risk and impact.

• Perform detailed investigations of potential incidents, correlating data from endpoints, networks, cloud environments, and applications to determine root causes and scope.

• Collaborate with the team to develop and implement enrichments, such as custom parsers, dashboards, and integrations, to improve alert fidelity and reduce false positives.

Vulnerability Management Unification & Aggregation

• Contribute hands-on to unifying and aggregating vulnerability data from Snyk (developer-focused and container scanning), Tenable (infrastructure and cloud vulnerability assessment), and CrowdStrike (endpoint and cloud workload protection) into centralized platforms.

• Implement integrations and normalize vulnerability feeds from these tools, leveraging aggregators such as Axonius, Brinqa, or Vulcan Cyber for asset context, risk prioritization, deduplication, and workflow orchestration.

• Drive automated alerting, risk scoring, remediation tracking, and reporting within a vulnerability management aggregator using unified vulnerability intelligence.

• Partner with engineering teams to standardize vulnerability workflows, prioritize remediation based on business context, and ensure consistent patching and mitigation practices.

• Drive unified remediation and identity lifecycle processes, including creating Jira tickets integrated with asset management systems to distribute tickets directly to engineering teams' Jira boards.

• Contribute to automated escalations that notify managers, then directors, then VPs as SLA breaches are approaching.

Security Operations Efficiency & Automation

• Drive operational improvements by identifying inefficiencies in security processes and implementing automations using scripting, SOAR platforms, or Devo-native capabilities.

• Develop and maintain detection rules, use cases, and playbooks to enhance threat detection coverage and response times.

• Evangelize best practices for security operations, including shift-left security integration and proactive monitoring, to reduce mean time to detect (MTTD) and respond (MTTR).

Devo SIEM Optimization & Value Realization

• Optimize the Devo SIEM platform through configuration, tuning, and custom development to extract maximum business value, such as improved threat intelligence correlation and reporting.

• Build and maintain Devo queries, alerts, and visualizations to support real-time monitoring, historical analysis, and executive dashboards.

• Integrate Devo with other security tools (e.g., CrowdStrike, Snyk, Tenable, vulnerability aggregators) to create a unified security data lake for advanced analytics.

Threat Hunting & Incident Response Support

• Conduct proactive threat hunting using Devo and other tools to uncover hidden threats, anomalies, and indicators of compromise (IOCs).

• Develop and implement "first to know" strategies to ensure the security team detects incidents before they are reported by customers or engineering teams; define and track metrics such as detection source ratios (e.g., proactive detection vs. external reporting) to measure program effectiveness.

• Serve as an incident response lead or incident commander during high-severity events, coordinating cross-functional teams for effective containment, eradication, and recovery.

• Support incident response activities, including forensics, containment, eradication, and recovery, while documenting lessons learned to refine detection strategies.

• Lead and conduct tabletop exercises, red team simulations, and preparedness drills focused on scenarios like data breaches to test and improve response capabilities, ensuring team readiness and process maturity.

Compliance & Governance Support

• Ensure detection and response processes align with regulatory requirements, particularly in PCI DSS-regulated environments.

• Assist with audit preparation, evidence collection, and control validation related to incident management and vulnerability handling.

• Develop metrics and reporting to demonstrate security posture, operational efficiency, and ROI from security investments.

Mentorship & Cross-Team Collaboration

• Mentor junior engineers and analysts on detection engineering, response techniques, and tool usage.

• Create and maintain documentation, including runbooks, detection use cases, automation scripts, and training materials.

• Serve as a subject matter expert for detection and response queries, providing hands-on support and guidance to partner teams.

Qualifications

• 5+ years of hands-on experience in detection engineering, incident response, threat hunting, or security operations, with a proven track record of improving security programs.

• Strong expertise in SIEM platforms, preferably Devo, including query development, alert tuning, and integration with other security tools.

• Hands-on experience with vulnerability management and scanning tools such as Snyk, Tenable, and CrowdStrike, including integration and data normalization.

• Familiarity with vulnerability aggregation and risk management platforms (e.g., Axonius, Brinqa, Vulcan Cyber) for unifying asset and vulnerability data.

• Proficiency in automation and scripting (e.g., Python, Bash) for building enrichments, SOAR workflows, and operational efficiencies.

• Familiarity with related disciplines such as digital forensics, endpoint detection and response (EDR/XDR), network security monitoring, cloud security incident response, and malware analysis.

• Experience serving as an incident response lead/incident commander, developing "first to know" detection strategies, and conducting tabletop exercises for scenarios like data breaches.

• Experience operating in regulated environments, ideally PCI DSS, with knowledge of compliance controls for incident management and vulnerability remediation.

• Solid understanding of threat intelligence frameworks (e.g., MITRE ATT&CK), IOCs, and adversary tactics, techniques, and procedures (TTPs).

• Excellent analytical, problem-solving, and communication skills, with the ability to collaborate across teams and explain complex security concepts.

Work Environment

In this role, a significant aspect of the job involves working in the office for a standard 40-hour workweek. We believe that the collaborative nature of our work and the face-to-face interactions among team members are essential for fostering a dynamic and productive work environment. Being present in the office enables seamless communication, facilitates quick decision-making, and encourages spontaneous collaboration that contributes to the overall success of our projects. We value the synergy that comes from having our team members physically together, allowing for immediate problem-solving, idea exchange, and team building.

Compensation

The expected earnings for this role could be comprised of a base salary and other forms of cash compensation, such as bonus or commissions as applicable.

This pay range is just one component of MX’s total rewards package. MX takes a number of factors into account when determining individual starting pay, including job and level they are hired into, location, skillset, peer compensation.

**Please note applicants applying for this position must have the legal right to work in India without the need for sponsorship. We are unable to provide work sponsorship for this role, and candidates should be able to verify their eligibility to work in the country independently. Proof of eligibility to work in India will be required as part of the hiring process.