openashbyhqabstractvc
Detection & Response, Security Engineer
WorkOS
LocationUnited States & Canada
WorkplaceRemote
EmploymentFullTime
Posted2026-04-23T01:05:21.318+00:00
Last observed2026-06-23 12:12:01.550490
Job idabstractvc-workos:ashbyhq:f229d715-9c93-4e5a-83cb-15718af99ed5
About WorkOS ๐ WorkOS builds modern developer tools and APIs that make it easy for companies to become Enterprise Ready. Our platform powers authentication, identity, authorization, and other critical infrastructure that developers need to securely scale their products to large organizations. We recently raised a $100M Series C, valuing the company at $2B, led by Meritech and Sapphire with participation from Greenoaks, Craft, Abstract, and Audacious. WorkOS powers enterprise features for many of the fastest-growing AI companies, including OpenAI, Cursor, and Perplexity, Vercel, and Plaid. As AI reshapes software, WorkOS is at the frontier of Human and Agent Authentication, Identity, and Access Controlโhelping companies answer a new critical question: who are your agents, and what are they allowed to do? Our fast-growing customer base includes hundreds of modern software companies building the next generation of enterprise-ready products. About the Security Team The Security team at WorkOS is responsible for keeping the data and identities of hundreds of millions of users secure. Security is fundamental to our products, and customer trust is the foundation of our success. We are a highly collaborative group with a strong engineering mindset. Our security program is shaped by hands-on experience attacking and defending systems, and applying lessons from across the industry. We embrace the latest advancements in practices and tooling that make modern security teams effective. Today, our team spans product security, cloud security, and GRC. We understand our product deeply, and we partner with an MDR provider for 24/7/365 detection and response coverage. About the Role We are looking for a Detection & Response Security Engineer to take our D&R capabilities to the next level. WorkOS has core security telemetry in place across SIEM, EDR, cloud and identity. What we are looking for now is expertise in writing custom detections tuned to our environment, building alerting pipelines, investigating incidents in depth, and further expanding our coverage across corporate systems and our product platform. You will own detection engineering and help lead incident response: designing, building, and continuously improving threat detections across WorkOS infrastructure, corporate systems, and (over time) the WorkOS product itself. You will partner with our MDR team while building out our internal function. You will also drive threat hunting and security operations maturity. This is a zero-to-one role. You will shape the strategy, choose the approach, and build the systems. We want someone who is equal parts security practitioner and software engineer. This is a remote position, open to candidates based in Canada or the United States. What You'll Do - Build out our detection engineering capability. Design and implement detection logic across our SIEM, EDR, cloud security tools and identity systems. We want you to write detections as code โ durable, tested, and version-controlled. - Own security incident response. Lead and support security incident investigations using data analytics, log analysis, and system forensics across corporate and production environments. Build playbooks and runbooks for repeatable response. - Extend detection into the product. Instrument additional application-level telemetry across the WorkOS platform to detect abuse patterns, anomalous authentication activity, and threats that target our customers' identities. - Build tooling and automation. Develop scripts, integrations, and SOAR workflows to automate detection, enrichment, and response activities. We value engineering solutions over manual processes. - Improve visibility and logging. Work with engineering and infrastructure teams to ensure the right logs are collected, normalized, and available. Identify gaps in monitoring coverage and close them. - Partner with our MDR provider. Collaborate to validate detections, tune rules, and coordinate on incidents. Grow our...
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.