Detection Security Manager

Company Description

Freshworks makes it fast and easy for businesses to delight their customers and employees. We do this by taking a fresh approach to building and delivering software that is affordable, quick to implement, and designed for the end user. Headquartered in San Mateo, California, Freshworks has a global team operating from 13 global locations to serve more than 65,000 companies -- from startups to public companies – that rely on Freshworks software-as-a-service to enable a better customer experience (CRM, CX) and employee experience (ITSM). 

Freshworks’ cloud-based software suite includes Freshdesk (omni-channel customer support), Freshsales (sales automation), Freshmarketer (marketing automation), Freshservice (IT service desk), Freshchat (AI-powered bots), supported by Neo, our underlying platform of shared services.

Freshworks is featured in global national press including CNBC, Forbes, Fortune, Bloomberg and has been a BuiltIn Best Place to work in San Francisco and Denver for the last 3 years. Our customer ratings have earned Freshworks products TrustRadius Top Rated Software ratings and G2 Best of Awards for Best Feature Set, Best Value for the Price and Best Relationship. 

Job Description

The Senior Engineer - Cyber Defense will play a critical role in detecting, investigating, and mitigating security threats in a fast-paced SaaS environment. This position requires expertise in threat detection, incident response, security automation, cloud security, and end-user protection. The Senior Engineer will work closely with SOC, Threat Intelligence, Security Engineering, IT, and DevOps teams to strengthen the organization's cyber defense capabilities.
 

Threat Detection & Incident Response

• Conduct real-time security monitoring, detection, and response to cyber threats targeting cloud, SaaS, and corporate environments.

• Perform in-depth forensic investigations, malware analysis, and root cause analysis to prevent recurrence.

• Develop and maintain threat detection use cases, incident response playbooks, and automation workflows.

• Collaborate with SOC analysts and red teams to simulate, detect, and mitigate adversarial tactics.

Security Automation & Tooling

• Leverage SIEM, XDR, EDR, and SOAR platforms to automate detection and response processes.

• Develop scripts (Python, PowerShell, Bash) for log analysis, threat hunting, and forensic automation.

• Work with Security Engineering to enhance logging, alerting, and security control effectiveness.

Cloud & SaaS Security

• Investigate cloud security incidents, IAM misconfigurations, API threats, and container security breaches.

• Strengthen cloud-native security controls for AWS, Azure, and GCP environments.

• Ensure visibility and monitoring of SaaS applications for data exfiltration, insider threats, and account takeovers.

End-User Security & Identity Protection

• Investigate and mitigate phishing, business email compromise (BEC), and social engineering attacks.

• Strengthen endpoint security for laptops, mobile devices, and virtual desktops using EDR solutions.

• Work with IT and HR to drive security awareness programs, phishing simulations, and insider threat monitoring.

• Enhance identity protection through MFA, behavioral analytics, and zero-trust enforcement.

Cross-Team Collaboration & Compliance

• Work with Legal, Privacy, and Compliance teams to ensure cyber defense strategies align with regulatory frameworks (SOC 2, ISO 27001, GDPR, HIPAA).

• Conduct incident response drills, red-blue team exercises, and cyber defense training.

• Continuously improve security policies, procedures, and incident documentation based on lessons learned.

Qualifications

• 5+ years of experience in cyber defense, incident response, SOC operations, or threat intelligence.

• Experience in securing SaaS or cloud-native environments with large-scale security operations.

Technical Expertise

• Strong knowledge of SIEM, EDR/XDR, forensic analysis, and scripting languages (Python, PowerShell, Bash).

• Hands-on experience with cloud security (AWS, Azure, GCP), DevSecOps, and container security.

• Expertise in threat intelligence, cyber kill chain, and MITRE ATT&CK framework.

• Experience in identity security, phishing detection, and user behavior analytics.

Soft Skills & Leadership

• Ability to think like an attacker and respond like a defender in complex security scenarios.

• Strong problem-solving and decision-making skills under pressure.

• Ability to effectively communicate security risks to both technical and non-technical stakeholders.

• Excellent teamwork and collaboration in a fast-paced environment.

Certifications (Preferred but Not Mandatory)

• CISSP, GCIH, GCFA, OSCP, AWS Security Specialty, or other relevant certifications.

Additional Information

At Freshworks, we are creating a global workplace that enables everyone to find their true potential, purpose, and passion irrespective of their background, gender, race, sexual orientation, religion and ethnicity. We are committed to providing equal opportunity for all and believe that diversity in the workplace creates a more vibrant, richer work environment that advances the goals of our employees, communities and the business.