WHO WE'RE LOOKING FOR 🌟
We're looking for an Incident Detection & Response Engineer — a hands-on security professional who can strengthen Manychat’s ability to detect, investigate, and respond to security threats across cloud, application, identity, and endpoint environments.
Reporting to the Cyber Operations Lead, you’ll play a key role in building and operating our detection and response capabilities. You’ll work closely with Infrastructure, IT Operations, and Engineering teams to identify suspicious activity, investigate incidents, improve security monitoring, and help make our environment more resilient.
This role is ideal for someone who enjoys technical investigation, structured response, automation, and continuous improvement of detection logic, playbooks, and operational processes.
WHAT YOU'LL DO 🚀
- Monitor, triage, and investigate security alerts across SIEM, EDR, email security, cloud security, identity, and application security tools.
- Lead hands-on investigation of security events involving AWS, Okta, endpoints, SaaS platforms, infrastructure, and application logs.
- Perform incident response activities: scoping, containment, evidence collection, root cause analysis, remediation support, and post-incident reviews.
- Develop and improve detection logic, correlation rules, alert tuning, and use cases across cloud, identity, endpoint, and application layers.
- Analyze logs and telemetry from sources such as AWS CloudTrail, GuardDuty, Security Hub, Okta, EDR, WAF, DNS, VPN, and business systems.
- Create and maintain incident response playbooks, investigation runbooks, escalation procedures, and operational documentation.
- Partner with Infrastructure, IT Operations, and Engineering teams to validate findings, remediate risks, and improve security controls.
- Support vulnerability, misconfiguration, and threat investigations by correlating signals from multiple security tools.
- Contribute to threat hunting activities based on known attacker techniques, suspicious behavioral patterns, and emerging threats.
- Help improve visibility across cloud, endpoint, identity, and application environments.
- Support security incident reporting, timelines, post-mortems, and lessons-learned documentation.
- Contribute to compliance evidence and operational controls related to SOC 2 and ISO 27001 incident response requirements.
- Help automate repetitive investigation and response tasks where practical.
TO SHINE IN THIS ROLE 💥You'll need:
- 5+ years of hands-on experience in security operations, incident response, detection engineering, SOC, cloud security, or related technical security roles.
- Practical experience investigating security alerts and incidents across cloud, identity, endpoint, and network/application layers.
- Strong experience working with SIEM platforms, including log analysis, alert triage, rule tuning, and investigation workflows.
- Hands-on experience with EDR tools and endpoint investigation across macOS and/or Windows environments.
- Experience investigating identity-related events, ideally using Okta or a comparable IAM/SSO platform.
- Solid understanding of common attacker techniques, MITRE ATT&CK, phishing, credential compromise, malware, lateral movement, and cloud misconfiguration risks.
- Ability to perform structured incident response: scope the issue, identify impact, coordinate containment, support remediation, and document findings clearly.
- Experience writing and maintaining incident response playbooks, detection logic, and investigation runbooks.
- Strong analytical mindset with the ability to connect signals across different tools and data sources.
- Good communication skills — able to explain technical findings, risk, and recommended actions clearly to both technical and non-technical stakeholders.
- Fluent English communication skills, both written and verbal.
It would be great if you have:
- Experience with detection engineering and building SIEM correlation rules or detection-as-code workflows.
- Understanding of AWS security services and logs, including CloudTrail, GuardDuty, Security Hub, IAM, and AWS Config.
- Digital forensics experience, including endpoint evidence collection and timeline analysis.
- Experience with WAF, DNS security, VPN, MDM, DAST/SAST, SCA, or secrets scanning tools.
- Experience supporting SOC 2 and/or ISO 27001 compliance requirements in a SaaS environment.
- Experience with scripting or automation using Python, Bash, Terraform, or SOAR-style workflows.
- Security certifications such as GCIH, GCIA, GCFA, GNFA, CySA+, Security+, or similar.
- Experience working in a fast-moving SaaS or product engineering environment.
WHAT WE OFFER 🤗
We care deeply about your growth, well-being, and comfort:
- 💙 Comprehensive health insurance for both you and your family.
- 📚 Professional development budget for conference tickets, online courses, and other relevant resources to help you grow.
- 🫶 Flexible benefits package: no one-size-fits-all perks here. You get a budget and you decide where it goes, from health and wellbeing to family and setting up your home office.
- 🪴 Hybrid work and generous, flexible time off — planned with your team, not rationed by a rigid quota.
- 🤝 Company-funded sport activities, annual offsites and team-building events.
- 🤖 AI isn't a perk here — it's how we work. Claude, OpenAI, and more are on by default from day one, and we back teams in adopting whatever makes them faster.
Manychat is an Equal Opportunity Employer. We're committed to building a diverse and inclusive team. We do not discriminate against qualified employees or applicants because of race, color, religion, gender identity, sex, sexual preference, sexual identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, military status, or any other characteristic protected by local law or ordinance.
This commitment is also reflected through our candidate experience. If you have individual needs that may require an accommodation during the interview process, please indicate this in your application. We will do our best to provide assistance throughout your interview process to ensure you're set up for success.
With my application, I accept the Manychat Privacy Policy.