Note: This is a remote job open to candidates in the USA.
WorkOS builds modern developer tools and APIs that make it easy for companies to become Enterprise Ready. They are seeking a Detection & Response Security Engineer to enhance their detection capabilities, lead incident response, and build systems that improve security operations across their infrastructure and product platform.
Responsibilities
• Build out our detection engineering capability. Design and implement detection logic across our SIEM, EDR, cloud security tools and identity systems. We want you to write detections as code — durable, tested, and version-controlled
• Own security incident response. Lead and support security incident investigations using data analytics, log analysis, and system forensics across corporate and production environments. Build playbooks and runbooks for repeatable response
• Extend detection into the product. Instrument additional application-level telemetry across the WorkOS platform to detect abuse patterns, anomalous authentication activity, and threats that target our customers' identities
• Build tooling and automation. Develop scripts, integrations, and SOAR workflows to automate detection, enrichment, and response activities. We value engineering solutions over manual processes
• Improve visibility and logging. Work with engineering and infrastructure teams to ensure the right logs are collected, normalized, and available. Identify gaps in monitoring coverage and close them
• Partner with our MDR provider. Collaborate to validate detections, tune rules, and coordinate on incidents. Grow our internal capability over time while maintaining the partnership
• Contribute to security operations maturity. Help build on-call rotation practices, tabletop exercises, post-incident reviews, and operational metrics for the security team
• Participate in a shared on-call rotation for security incidents, with occasional evening or weekend availability for critical events
Skills
• 5+ years of experience in security engineering, detection engineering, incident response, or a related technical security role
• Strong engineering fundamentals; ideally a computer science or engineering degree or equivalent industry experience (software engineering, SRE, network engineering)
• Proficiency in Python, Go, or another general-purpose programming language
• Hands-on experience with SIEM platforms (Panther, Splunk, Elastic, or similar) — writing detection rules, building log pipelines, and investigating alerts
• Experience with EDR technologies (SentinelOne, CrowdStrike, or similar) and endpoint investigation
• Familiarity with cloud security fundamentals (AWS IAM, networking, Kubernetes basics)
• Experience with incident response in production and/or corporate environments
• Strong written and verbal communication skills
• Experience with Detection-as-Code practices (version-controlled, tested detections)
• Familiarity with SOAR platforms and security automation
• Experience with identity/authentication systems (Okta, SAML, OIDC) — highly relevant given our product domain
• Prior experience building a D&R function from scratch
• Experience at a developer tools, identity/auth, or infrastructure company
Benefits
• Competitive pay
• Substantial equity grants
• Healthcare insurance (Medical, Dental and Vision) for you and your family
• 401k matching
• Wellness and fitness monthly allowances
• PTO + paid holidays + unlimited sick leave
• Autonomy and flexibility with remote work
Company Overview
• WorkOS is a unified platform with modern APIs and SDKs for enterprise-ready features. It was founded in 2019, and is headquartered in San Francisco, California, USA, with a workforce of 51-200 employees. Its website is https://workos.com.
Company H1B Sponsorship
• WorkOS has a track record of offering H1B sponsorships, with 1 in 2025, 1 in 2024, 1 in 2023, 1 in 2022, and 1 in 2020. Please note that this does not guarantee sponsorship for this specific role.