Spotnana
Let’s build what’s next, together.
We are Spotnana. We’re on a mission to modernize the infrastructure of the $1.6 trillion travel industry to power the perfect trip for travelers everywhere. Our Travel-as-a-Service platform is designed to make every trip better, whether someone is booking for work or leisure travel, building a travel tool, or looking to offer personalized experiences at scale.
We’re not just modernizing tech, we’re rethinking how the industry works. And to get there, we’re bringing together innovative, ambitious, and open-minded people who want to build something that lasts.
At Spotnana, our values and principles guide how we work and grow together:
- Build the future – We are leaders, we are innovators, we are ambitious.
- Commit to excellence – We’re accountable, we are partners, we are agile.
- Stronger together – We lead with respect and integrity, we are inclusive, we are lifelong learners.
Who: You! And the rest of the Threat Detection & Response team, Security organization, & our cross-functional partners across Engineering and Infrastructure.
What: A Staff Detection & Response Engineer role and an outstanding ability to operate with autonomy and ownership across the full detect-and-respond lifecycle.
When: ASAP! We are looking to hire and onboard a new hire as soon as we find the right person for the job. Exciting work awaits!
Where: Our office hub location of Palo Alto or NYC – you will be required to be in office 1+ days per week in alignment with our office work policy. This role is also eligible for 100% remote work.
Why: We’re looking for a Detection & Response Engineer to join our Threat Detection & Response team. You’ll build, tune, and maintain detection logic across a modern cloud-native security stack, investigate alerts and incidents end-to-end, and help mature our detection engineering and incident response capabilities.
How (to land the job!): Our interview process typically includes an initial recruiter conversation, a technical screening, and a series of interviews with team members to assess hands-on experience, problem-solving, and collaboration skills.
The day-to-day:
- Author, test, and maintain detection logic as code across SIEM, EDR, and cloud platforms
- Investigate security alerts, triage findings, and escalate as appropriate
- Lead and participate in incident response as both responder and incident commander
- Conduct threat hunts informed by emerging TTPs and threat intelligence
- Build and improve automation to accelerate detection, triage, and response workflows
- Contribute to runbooks, playbooks, and post-incident documentation
- Collaborate with engineering and infrastructure teams to improve logging coverage and signal quality
Skills & qualities we value:
- 4+ years in a detection engineering, SOC, or incident response role
- Hands-on detection-as-code experience — writing, testing, versioning, and deploying custom detection rules in a CI/CD or Git-based workflow
- Strong custom detection authoring across at least one SIEM platform (ES|QL, KQL, SPL, or similar query languages)
- Demonstrated alert investigation and triage skills — comfortable working from raw logs to root cause
- Incident response experience in both responder and commander capacities, including coordination, containment, and post-incident review
- Intermediate or above programming proficiency in Python or Go — able to build tooling, parse data, and automate workflows
- Engineering background in building, deploying, or maintaining security systems (log pipelines, detection infrastructure, integration work)
- Familiarity with the MITRE ATT&CK framework for mapping detections and threat hunts to adversary TTPs
- Experience with at least one EDR platform (e.g., Microsoft Defender for Endpoint, CrowdStrike, SentinelOne) — writing custom queries and hunting beyond built-in alerts
- Threat hunting experience using hypothesis-driven, intelligence-driven, or anomaly-driven approaches
- Security log pipeline experience — building or maintaining ingestion from diverse sources (cloud APIs, webhook integrations, custom parsers)
- Version control and CI/CD fluency — Git workflows for detection content
Preferred experience:
- Experience with AWS, Azure, and/or GCP security services and cloud-native logging (CloudTrail, Azure Activity Logs, GCP Audit Logs)
- Elastic Security experience (detection rules, ES|QL, index and ingest pipeline familiarity)
- Experience with identity-based attack detection (Entra ID, Okta, SSO/OIDC abuse patterns)
- SOAR or security automation tooling experience — building response playbooks, enrichment workflows, or triage automation
- API security monitoring or investigation experience
- Exposure to Zero Trust architectures (Cloudflare, Zscaler, or similar)
- Familiarity with threat intelligence platforms or feeds (MISP, OTX, abuse.ch)
- Supply chain security awareness (npm, PyPI, container image compromise detection)
- Strong written communication — able to produce clear incident reports, runbooks, and stakeholder updates
Perks & benefits you will love
Spotnana strives to offer fair, industry-competitive, and equitable compensation. Our approach assesses total compensation, including cash, annual performance bonus, company equity, and comprehensive benefits.
The base salary range for this role is $150,000 – $190,000 per year, depending on a number of factors including the candidate’s working location.
We care for the people who make everything possible – our benefits include:
- Pre-tax and ROTH 401(k) options via Fidelity with up to a 4% company match
- Comprehensive benefit plans covering medical, dental, vision, life, and disability effective on your hire date. We cover 100% of your employee premiums and 85% of your eligible dependents
- Pre-tax flexible spending account options for health, dependent care and commuter expenses
- Flexible PTO in addition to 10 company holidays and an end-of-year company shutdown
- Up to 26 weeks of parental leave
- Monthly cell phone/internet stipend
- Extra perks — IATAN travel membership, pet insurance, financial wellness tools, Calm app access, and more
We are committed to fostering a diverse, inclusive environment and to encouraging these values in everyone on our team. We provide an environment of mutual respect where opportunities are available without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by applicable law. We believe that diversity and inclusion for people from all walks of life is key to our success as a company.
Protect yourself from recruitment scams – All recruiting outreach and communication comes directly from our internal team via an email with an @spotnana.com address or through LinkedIn. We encourage candidates to verify the source of any outreach before sharing personal information. We do not use external recruiting partners for our hiring efforts or Microsoft Teams for interviews. We will never ask you to pay for equipment, training, visa fees, or anything else during the hiring process. We do not extend offers via text-based apps. All legitimate openings are listed at https://www.spotnana.com/careers/careers-listing/.
To apply for this job please visit jobs.gem.com.
