Senior Security Engineer, Detection & Response

HackerOne is the global leader in human-powered security, harnessing the creativity of the world’s largest community of security researchers with cutting-edge AI to protect your digital assets. The HackerOne Platform combines the expertise of our elite community and the most up-to-date vulnerability database to pinpoint critical security flaws across your attack surface. Our integrated solutions, including bug bounty, pentesting, code security audits, spot checks, and AI red teaming, ensure continuous vulnerability discovery and management throughout the software development lifecycle. Trusted by industry leaders such as Coinbase, General Motors, GitHub, Goldman Sachs, Hyatt, PayPal, and the U.S. Department of Defense, HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.

Senior Security Engineer, Detection & Response

Remote Location: London, UK; Austin, TX; or Washington, DC

Position Summary

As a Senior Detection & Response Security Engineer, you will play a critical role in strengthening HackerOne’s security posture. You’ll design and implement cutting-edge detection strategies, automate response workflows, and lead incident response efforts to safeguard our systems and data.

This role requires a strategic thinker who thrives in a dynamic cloud-based environment. You’ll collaborate cross-functionally with Engineering, IT, Support, and other teams to build scalable security solutions that mitigate threats and drive operational excellence.

At HackerOne, we embrace a Flexible Work approach, enabling our team members to work remotely while maintaining productivity and collaboration. We are seeking candidates located in London, UK; Austin, TX; or Washington, DC, and the surrounding metropolitan areas, to facilitate occasional in-person interactions as needed. While the position is primarily remote, there will be periodic in-person requirements to support team collaboration and foster stronger connections. This approach ensures flexibility while providing opportunities to build meaningful in-person relationships that strengthen our team and company culture.

What You Will Do

• In your first week, you'll get your bearings, familiarize yourself with our processes, and our organization. After that, you will learn about our infrastructure and existing security tooling. Your focus will be on understanding our detection and response capabilities and developing recommendations to enhance them.

• You will meet the rest of the distributed security team at HackerOne and learn about our security strategy of focusing on three key things: World class compliance, world class detection and response, and being "customer zero": the experts in using HackerOne's products and services to secure an organization. 

• You will lead meaningful projects to implement your ideas and demonstratively improve HackerOne's detection and response capabilities by:

  • Evaluating potential detection techniques and tools and using them to create useful, actionable, high signal alerts. 

  • Developing automation and improving existing tooling and alerting to minimize alert fatigue and maximize effective incident response.

  • Collaborating will be key as you will work closely with IT, Engineering, Support and other teams across the company.

• You will play a vital role in managing security incidents, from assembling the response team to organizing and leading blameless retrospectives. You'll also help develop clear response processes for various types of incidents and playbooks for various alerts generated by our tools.

Minimum Qualifications  

• 5+ years of experience in detection and response related security roles

• Experience working with AWS (or similar cloud environment), Linux, OSX, SentinelOne (or other similar endpoint security software)

• Experience working with DataDog (or other similar log analysis and querying software)

• Familiarity with modern programming languages of some kind such as Ruby, Python, Rust, JavaScript, and similar.

• Proficient in responding to alerts and incidents within a cloud based SAAS environment

• Adaptable thinker, able to creatively solve old problems in new ways and new problems in old ways

• Strong collaboration and communication skills with other teams to plan a project, align priorities, lead and model the work, document your decisions, and complete the project 

• Understands ways to catch wily threat actors

• Possesses the fine art of crafting useful, actionable, high signal alerts

• Proficiency in automating detection and response processes through API calls, webhook creation, etc.

Preferred Qualifications

• AWS

• Containerization and Orchestration (Docker, Kubernetes, ECS, EKS)

Compensation Bands:

Austin and DC area

$147K – $184K • Offers Equity

London, UK

£88K – £110K • Offers Equity

#LI-Remote

#LI-HM1

Job Benefits:

• Health (medical, vision, dental), life, and disability insurance*

• Equity stock options

• Retirement plans

• Paid public holidays and unlimited PTO

• Paid maternity and parental leave

• Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)

• Employee Assistance Program

• Flexible Work Stipend

*Eligibility may differ by country

We are a Circle Back Initiative Employer and commit to responding to every applicant.

We're committed to building a global team! For certain roles outside the United States, U.K., and the Netherlands, we partner with Remote.com as our Employer of Record (EOR).

Employment at HackerOne is contingent on a background check.

HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws.

This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time.

For US based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.

HackerOne Values

HackerOne commits to maintaining a strong, inclusive culture built for our employees and our community of hackers. We are driven by our five core values. We recognize that our mission is bigger than us, and therefore act with integrity at all times. As a team, we believe that transparency builds trust so we default to disclosure in our communications. Each individual executes with excellence, creating an environment of greater alignment and greater autonomy. We win as a team and respect all people to empower everyone to learn from each other, innovate, and grow.