Security Engineer, Detection & Response

• You're a security engineer with a strong software engineering background who'd rather write detection-as-code than click through a SIEM UI. You care about protecting healthcare providers and the patients who depend on them — and you want to build the systems that make that possible. • You'll own Doxy.me http://Doxy.me's detection and security operations function: writing detection rules, building telemetry pipelines, and responding to threats across our cloud-native platform. You'll apply engineering principles to security — detection-as-code over point-and-click, automation over manual toil. Most of your time will be spent on detection engineering, but you'll also contribute to threat modeling and product security alongside the wider team. • You're comfortable with ambiguity, self-directed, and motivated by impact. There's no SOC manager — you'll shape this function from scratch. • Experience writing and shipping detection rules using a detection-as-code approach • Strong programming skills in Python and/or TypeScript; comfortable with SQL for querying security data • Experience with AWS and cloud-native infrastructure • Familiarity with observability and monitoring platforms like Datadog • Understanding of attacker techniques and frameworks like MITRE ATT&CK • Experience with CI/CD pipelines and software engineering workflows • Comfort with threat modeling and application security concepts • Experience with incident response and forensic investigation • Familiarity with identity and access management systems • The Information Security team at Doxy.me http://Doxy.me is small and high-impact: a CISO, plus engineers covering corporate security, GRC & compliance, and product & application security. You'll be our first dedicated detection engineer — meaning you'll shape the function, the tooling, and the approach from the ground up. You'll work most closely with our product security engineer on threat modeling and detection strategy, and across the company with product and engineering teams. • DETECTION ENGINEERING • Own the detection lifecycle end-to-end: research threats, write rules as code, deploy via CI/CD, tune for precision, and maintain over time • Build and maintain telemetry pipelines that give visibility into application, infrastructure, and identity activity • Correlate signals across multiple data sources to improve detection accuracy and reduce false positives • SECURITY OPERATIONS & RESPONSE • Investigate and respond to security events, including containment, remediation, and post-incident analysis • Build automated response workflows that integrate with our cloud infrastructure and identity systems • BROADER SECURITY • Partner with product and engineering teams on threat modelling to identify detection opportunities early in the design process • Contribute to security monitoring standards, response procedures, and operational playbooks • TECHNICAL ASSESSMENT • As part of the interview process, you'll complete a practical assessment focused on detection engineering and threat analysis — or share a portfolio of relevant past work (detection rules, blog posts, open-source contributions, conference talks).