Security Engineer, Detection & Response
San Francisco, Hybrid
Full Time Mid-level / Intermediate USD 270K - 320K
Grammarly
Grammarly makes AI writing convenient. Work smarter with personalized AI guidance and text generation on any app or website.Grammarly offers a dynamic hybrid working model for this role. This flexible approach gives team members the best of both worlds: plenty of focus time along with in-person collaboration that helps foster trust, innovation, and a strong team culture.
About Grammarly
Grammarly is the world’s leading AI writing assistance company, and it is trusted by over 30 million people and 70,000 teams. From instantly creating a first draft to perfecting every message, Grammarly helps people at 96% of the Fortune 500 and teams at companies like Atlassian, Databricks, and Zoom get their point across—and get results—with best-in-class security practices that keep data private and protected. Founded in 2009, Grammarly is No. 14 on the Forbes Cloud 100, one of TIME’s 100 Most Influential Companies, one of Fast Company’s Most Innovative Companies in AI, and one of Inc.’s Best Workplaces.
The Opportunity
To achieve our ambitious goals, we’re looking for a Security Engineer to join our Detection and Response (DART) team. As a key member of our organization, you will be instrumental in safeguarding our digital assets and ensuring our security posture remains robust against emerging threats. If you have a passion for cybersecurity, a keen eye for detail, and extensive experience in security operations, we want to hear from you!
Grammarly’s engineers and researchers have the freedom to innovate and uncover breakthroughs—and, in turn, influence our product roadmap. The complexity of our technical challenges is growing rapidly as we scale our interfaces, algorithms, and infrastructure. You can hear more from our team on our technical blog.
As a DART engineer, you will
- Design, implement, and fine-tune advanced detection mechanisms to identify potential security threats and vulnerabilities within our environment proactively.
- Perform forensics and spearhead response efforts during security incidents. This includes triaging security alerts, taking relevant mitigation steps, and engaging with internal stakeholders to ensure swift resolution.
- Continuously tune our alerting rules to reduce false positives and enhance our signal-to-noise ratio, ensuring our detection systems are both effective and efficient.
- Participate in our team’s on-call rotation, providing expert guidance and rapid response to security incidents as they arise.
- Assist with the definition, creation, and maintenance of SIEM (Security Information and Event Management) detection rules and dashboards to provide clear, actionable insights.
- Streamline our security operations by authoring comprehensive runbooks, writing automation scripts, and building SOAR (Security Orchestration, Automation, and Response) capabilities to reduce manual intervention and improve response times.
- Improve our overall Incident Response process and ensure our readiness against adversaries.
- Actively work to burn down the detection backlog, enhancing our detection coverage and accuracy across all monitored systems and applications.
- Develop advanced detection strategies and tactics.
- Collaborate on project and roadmap planning.
Qualifications
- Has a minimum of 10 years in cybersecurity, with a focus on detection and response.
- Is proficient in SIEM platforms and scripting languages (Python) and has familiarity with SOAR tools.
- Has hands-on experience combating adversaries of varying sophistication (script kiddies to APT).
- Has a foundational understanding of Corporate Security, including Mac endpoint security and Crowdstrike EDR.
- Has professional experience with a commercial SIEM (Sumologic preferred).
- L1, L2 SOC experience or "SOC-less" model (MDR, etc.).
- Can define detection strategies and multi-quarter roadmaps.
- Has strong expertise in incident handling and forensic investigation, with a proven track record of managing complex security incidents.
- Has excellent analytical and problem-solving skills, with the ability to think critically under pressure.
- Demonstrates strong verbal and written communication skills, capable of interacting with technical and non-technical stakeholders alike.
- Has relevant industry certifications such as CISSP, GCIA, GCIH, or equivalent.
- Has excellent problem-solving skills, with the ability to work independently and handle multiple tasks.
- Has strong communication skills and can explain complex security issues in understandable terms.
- Nurtures the talent in the team and raises the technical talent bar when recruiting for their team.
Compensation and Benefits
- Grammarly offers all team members competitive pay along with a benefits package encompassing the following and more:
- Excellent health care (including a wide range of medical, dental, vision, mental health, and fertility benefits)
- Disability and life insurance options
- 401(k) and RRSP matching
- Paid parental leave
- 20 days of paid time off per year, 12 days of paid holidays per year, two floating holidays per year, and flexible sick time
- Generous stipends (including those for caregiving, pet care, wellness, your home office, and more)
- Annual professional development budget and opportunities
We encourage you to apply.
At Grammarly, we value our differences, and we encourage all to apply—especially those whose identities are traditionally underrepresented in tech organizations. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, ancestry, national origin, citizenship, age, marital status, veteran status, disability status, political belief, or any other characteristic protected by law. Grammarly is an equal opportunity employer and a participant in the US federal E-Verify program (US). We also abide by the Employment Equity Act (Canada).
#LI-AD3
#LI-Hybrid
Tags: APT Automation CISSP Cloud CrowdStrike DART Databricks EDR Endpoint security Forensics GCIA GCIH Incident response Python Scripting SIEM SOAR SOC Vulnerabilities
Perks/benefits: Career development Competitive pay Equity / stock options Fertility benefits Flex hours Flex vacation Health care Insurance Medical leave Parental leave
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.