Staff Security Engineer - Detection and Response

We all have important information we need to manage, and protecting it should be easy. Over 100,000 businesses and millions of people log in to 1Password to unlock smart, simple access to everything they care about. Our vision is to create a safer, simpler digital future for everyone, and our culture values simplicity, honesty and a human-centric approach to solving problems. Come help us unlock peace of mind so everyone can stay safer online.
At 1Password, customer privacy and security come first and foremost; this commitment informs everything we do, and the Security Team is responsible for upholding this commitment. We are a passionate team that truly cares about protecting our customers, and we’re looking for new team members that share this passion.
As a Staff Security Engineer on the Detection and Response team, you will be responsible for leading the development and implementation of strategies to detect and respond to security threats across 1Password. You will work closely with cross-functional teams to ensure the continuous improvement of our security posture and the protection of our assets against emerging threats. This role offers the opportunity to make a significant impact in safeguarding our systems and data against cyber threats.
Join us and unleash the excitement of protecting the digital world.
This is a Remote opportunity within Canada and the US.

What we're looking for:

• Minimum 7 years of experience in a security role with a focus on Detection Engineering, Incident Response, Digital Forensics and/or Threat Intelligence
• Experience leading and collaborating on complex and ambiguous cross-functional projects from design through implementation
• Expertise in leading security incidents to resolution with various incident responders and stakeholders
• Experience in building logging pipelines for log ingestion into a centralized system
• Expertise in SIEM and SOAR solutions for building behavior based detections and security automations
• Experience with Detection-as-Code to automate detection engineering workflows
• Experience with EDR, IDS/IPS and forensic analysis tools on various operating systems
• Strong understanding of current threat landscape and threat actor TTPs
• Experience with threat hunting and analyzing logs to identify potential security or privacy impacts
• Experience deploying cloud services (e.g., AWS, GCP) and a strong understanding of cloud security principles
• Proficiency in scripting and programming languages (e.g., Python, Bash) for automation and tool development
• Experience with software development lifecycle, project management, Terraform and CI/CD in GitLab or GitHub
• Excellent communication skills with a drive for collaboration and leveling up team members
• Bonus: …