Senior Security Engineer II (Threat Detection & Response)

Senior Security Engineer II - Threat Detection & Response

Location : New York City, NY (4 days onsite is a must, 1 day remote)

Contract: 6+ Months

Job Description:


Client is seeking a Senior Security Engineer- Detection & Response (Threat-Informed Defense) to join our Security Engineering team.You will act as the technical SME for threat Intelligence, detection and response, partnering across Security, Platform, Product, and Engineering to reduce risk and improve resilience at scale. You will bridge the gap between Cyber Threat Intelligence (CTI) and actionable defense, shaping our security architecture to withstand modern adversary tactics before they manifest in our environment.


In this role you will not just administer the platforms. You'll write production-grade code, engineer scalable detections, automate response, and develop proactive threat controls using deep knowledge of cloud, identity, application, and data attack paths.

What You'll Do

• Adversary Response Planning: Develop and maintain a comprehensive adversary response strategy, mapping organizational risks to specific threat actor TTPs (Tactics, Techniques, and Procedures).
• Cross-Functional Leadership: Act as a Subject Matter Expert to Infrastructure, Engineering, and security teams. Guide these partners in implementing proactive security controls, ensuring that security is "baked in" to the development lifecycle and corporate infrastructure.
• Proactive Threat Modeling: Lead and build collaborative threat modeling sessions for new products and infrastructure, helping cloud platform, Engineering and IT identify and neutralize architectural weaknesses before deployment.
• Continuous Detection Engineering: Build, tune, and constantly update a library of high-fidelity detections. You will ensure our alerting logic evolves in lockstep with new exploitation techniques and industry benchmarks.
• Industry Alignment: Monitor the evolving security landscape (e.g., CISA advisories, new MITRE techniques) to ensure client remains at the forefront of industry-standard security controls.
• Resilience Testing & Training: Design and lead cross-functional Incident Response simulations and tabletop exercises. Use these sessions to educate non-security teams on their roles during a crisis and to identify gaps in our defense-in-depth strategy.
• Advanced Incident Management: Lead the full lifecycle of high-severity security incidents, acting as the primary SME for containment and eradication while managing communication with executive leadership.
• Automation & Orchestration: Architect SOAR workflows to ensure common adversary techniques are met with immediate, automated remediation, reducing the manual burden on IT and Ops.

What We're Looking For

• Minimum 7+ years in security with at least 5+ years deeply focused on detection engineering, incident response, or threat hunting in cloud-native environments and a track record of working in fast paced SaaS environments,moving organizations from reactive IR to threat-informed defense.
• Bachelor's or Master's degree in Computer Science, Cyber Security, or a related field.
• Hands-on proficiency in securing AWS/GCP/Azure + modern Identity Stack, including experience with Kubernetes security and Terraform/IaC.
• Strong coding ability to build automations, security pipeline, detection as code etc.
• Deep understanding of cloud IAM attack paths, token/session abuse, API threats, and data exfiltration patterns, CI/CD for detections
• Experience designing and operating telemetry pipelines (normalization, correlation, data quality, schema strategy).
• Strong incident response leadership for high-severity events in production environments.
• Deep familiarity with threat intelligence frameworks (MITRE ATT&CK) and the ability to convert raw intel into actionable detection/prevention strategies.
• Proven experience running incident response tests, breach and attack simulations (BAS), or red/blue team exercises.
• Deep expertise in security tooling across SIEM, EDR, CNAPP, WAF, CASB, and Data Security platforms and judgment to know when to buy vs build.
• The ability to translate complex technical threats into clear, actionable guidance for both technical peers and executive leadership.
• Relevant certifications (nice-to-have): GCIA, GCIH, GCTI, CISSP, CCSP.
• Contributions to open-source security projects or published research (nice-to have)