Incident Manager - Detection & Response

About Our TeamAt OpenAI, we believe that the development of artificial general intelligence must be conducted in a way that is safe and beneficial for all of humanity. Security is paramount to our mission and underpins every aspect of our work.Our Security team is dedicated to safeguarding OpenAI’s technology, personnel, and products. We adopt a highly technical approach to our creations while maintaining operational excellence in execution. Our core tenets include prioritizing impactful initiatives, empowering our researchers, anticipating future technological advancements, and fostering a robust security culture.About the PositionAs a Security Engineer specializing in insider threat detection and response, you will collaborate with our talented engineers and researchers to build and secure groundbreaking AI technologies. This role emphasizes the identification and mitigation of insider threats, ensuring the protection of OpenAI's most sensitive assets. Key responsibilities will include:Key Responsibilities:Innovate and enhance our detection and response infrastructure to automate comprehensive workflows for detection and investigation.Develop, assess, and refine detection rules to guarantee effective and sustainable operations.Lead projects across OpenAI’s technology landscape focusing on insider threats, including access abuse and intellectual property theft, as well as emerging risks associated with AI infrastructure.Collaborate with cross-functional teams such as HR, Legal, and investigative units, providing technical insights and evidence to support thorough investigations.Engage in pioneering AI research initiatives, leveraging AI to bolster OpenAI’s security framework.Ideal Candidate Profile:A minimum of 5 years of experience in a detection/response or insider risk role; we welcome both mid-level and senior applicants.Proficient in operating systems and platforms, including macOS, Windows, Linux, and Kubernetes, with hands-on experience in cloud infrastructure.Strong knowledge of modern adversarial tactics, data exfiltration methods, and experience in managing and leading incident responses.Demonstrated proficiency in scripting languages such as Python, Bash, or PowerShell.Possess excellent analytical and problem-solving skills, with a keen attention to detail.

About Our TeamAt OpenAI, our commitment to security is integral to our mission of ensuring that artificial general intelligence serves the betterment of humanity.Our dedicated Security team safeguards OpenAI's innovative technology, workforce, and products. We emphasize a technical yet operational approach, supporting all research and products across the organization. Our core principles include prioritizing impactful security measures, empowering researchers, preparing for future technologies, and cultivating a robust security culture.About This OpportunityAs a Security Engineer specializing in Detection and Response, you'll collaborate with our talented engineers and researchers to build, manage, and secure groundbreaking AI technologies. Your role will encompass all facets of Detection & Response, contributing as a versatile generalist within the Security team. Key responsibilities include:Lead initiatives across various security domains including Application Security, Infrastructure Security, Offensive Security, and Detection and Response.Innovate solutions to address emerging security challenges.Collaborate on pioneering AI research and leverage AI to enhance OpenAI’s security posture.This position may be based in San Francisco, CA, Seattle, WA, or New York City, NY. We adopt a hybrid work model, requiring three days in the office per week, and provide relocation assistance for new hires.Your Contributions Will Include:Innovating and enhancing Detection and Response infrastructure.Developing tools for the management of detection rule lifecycles.Creating, measuring, and refining detection rules for effective and sustainable operations.Automating manual response workflows.Ensuring visibility and management of OpenAI’s endpoint fleet (macOS, Windows).Driving advancements in identity access management (IAM), device management, and our utilization of public cloud services (e.g., AWS, Microsoft Azure).You Will Excel in This Role If You Have:Experience in cybersecurity or a related field.Familiarity with Microsoft Azure and/or other cloud infrastructure platforms.Strong problem-solving skills and a passion for security innovation.

Join Cloudflare as a Threat Detection and Incident Response Intern for the Summer of 2026! This exciting opportunity is designed for students who are passionate about cybersecurity and eager to learn about detecting and responding to threats in a dynamic environment. You will work alongside experienced professionals, gaining hands-on experience that will enhance your skills and prepare you for a successful career in the field.

Embark on an exciting journey as a Threat Detection and Incident Response Intern at Cloudflare for the summer of 2026. This internship will provide you with the hands-on experience needed to thrive in the field of cybersecurity. You will work closely with our expert team to monitor, analyze, and respond to security incidents while contributing to innovative projects that protect our global network.

About Scribd:At Scribd Inc., we ignite curiosity and foster a vibrant ecosystem of stories and knowledge. Our mission is to democratize access to ideas and empower collective wisdom through our innovative platforms: Everand, Scribd, Slideshare, and Fable. Join us as we create an inclusive environment where creativity and collaboration thrive.We believe in cultivating a culture where authenticity and boldness flourish—encouraging open discussions and commitment to our goals while embracing the unexpected. Every team member is empowered to prioritize customer needs and take meaningful actions.Our flexible work policy, Scribd Flex, enhances individual work styles while fostering community connections. We encourage team members to collaborate intentionally through in-person moments, regardless of their location.We're looking for team members who embody "GRIT"—a blend of passion and perseverance towards long-term objectives. We seek individuals who can set and achieve Goals, deliver Results, offer Innovative solutions, and positively impact the Team's culture through collaboration.Role OverviewAs a Senior Security Engineer on our Infrastructure Security team, you'll play a crucial role in safeguarding our applications, platforms, and users. As we scale, we're enhancing our Detection & Response capabilities, transitioning towards a time-based security model that prioritizes speed, signal quality, and resilience as core design principles.

Join Klaviyo as a Senior Security Engineer specializing in Detection and Response. In this critical role, you will be at the forefront of safeguarding our systems and data, ensuring our clients' security. Collaborate with talented professionals in a dynamic environment where your expertise will directly impact our security posture.

Join our dynamic Security Engineering team as a Senior Security Engineer specializing in Detection and Incident Response. In this pivotal role, you will blend the realms of security operations and software engineering, not only investigating incidents but also developing the systems that detect, contain, and prevent them. Your contributions will involve designing and deploying high-precision detection mechanisms across cloud services and enterprise SaaS platforms, crafting automation to expedite response times, and enhancing telemetry pipelines essential for robust security measures.Your expertise in coding will be as vital as your incident triaging skills. You will structure investigations, analyze root causes, and clearly communicate the implications of security incidents to both technical and non-technical stakeholders. Additionally, you'll leverage these insights to drive lasting engineering improvements, resulting in better detections and smarter automation.

Role Overview Writer Inc. is hiring a Security Engineer focused on Detection and Response in San Francisco, CA. This position centers on building and maintaining security controls that safeguard the company’s digital assets. What You Will Do Develop and implement security measures to protect systems and data. Collaborate with teams across the company to strengthen security practices. Respond to security incidents and help improve incident response processes. Location This role is based in San Francisco, CA.

At Discord, we empower over 200 million users each month to connect, communicate, and collaborate in their gaming experiences. With more than 90% of our users engaging in video games, our platform serves as a vital hub for gaming communities. Our mission is to enhance the social aspect of gaming by enabling seamless interactions among players before, during, and after gameplay.Discord is dedicated to fostering a sense of belonging for all users. Our commitment to security and privacy ensures that communications remain safe and confidential, which is essential to our continued success.We are on the lookout for a talented Senior Detection and Response Engineer to join our dynamic Detection & Response Team (DART). Our team is focused on engineering innovative detection systems, automating response processes, and developing tools to proactively combat threats rather than merely responding to them. If you are passionate about security and enjoy transforming investigative insights into robust automated solutions, we would love to hear from you!

Role Overview Pinterest is hiring a Security Software Engineer II focused on Detection and Response. This role can be based in San Francisco, CA or remote within the US. What You Will Do Develop and refine detection strategies to identify security threats across the Pinterest platform. Implement and improve response protocols to address incidents efficiently. Work closely with teams from different disciplines to spot vulnerabilities and strengthen defenses. Support efforts to reduce incident response times and protect the safety of Pinterest’s user community. Location This position is open to candidates in San Francisco, CA or remote within the United States.

Role overview Benchling is looking for a Detection and Response Engineer in San Francisco, CA. This role focuses on protecting company systems and applications from security threats. The engineer will use experience in incident response and threat detection to help maintain strong security and system integrity.

About AbridgeAbridge, established in 2018, is dedicated to enhancing understanding in healthcare. Our innovative AI platform is specifically designed for medical conversations, streamlining clinical documentation processes and allowing clinicians to prioritize patient care.Our advanced technology converts patient-clinician discussions into structured clinical notes in real-time, featuring robust EMR integrations. With our unique Linked Evidence and auditable AI, we stand out as the only company that aligns AI-generated summaries with verified ground truth, enabling healthcare providers to trust and validate our outputs swiftly. As leaders in generative AI for healthcare, we are setting benchmarks for the ethical application of AI within health systems.Our diverse team comprises practicing MDs, AI scientists, PhDs, creatives, technologists, and engineers, all collaborating to empower individuals and enhance healthcare delivery. Our offices are located in San Francisco's Mission District, New York's SoHo neighborhood, and Pittsburgh's East Liberty.The RoleAre you ready to build robust security measures at the forefront of AI in healthcare? We are seeking a highly skilled and motivated Senior or Staff Threat Detection and Response Engineer to join our pioneering Abridge Security Operations team. As one of our initial engineers, you will play a crucial role in elevating the costs for any adversary targeting our organization or our clients.This role demands profound technical knowledge, a builder’s mindset, and exceptional communication abilities to foster a security-centric culture across the organization. This is a greenfield opportunity to shape the future of Threat Detection and Response at Abridge. You will excel here if you are passionate about creating solutions from scratch and recognize that modern security fundamentally revolves around large-scale data and automation challenges.What You’ll DoLead investigations into complex, organization-wide security incidents, establishing best practices across various security domains including log analysis, digital forensics, and malware analysis.Design and implement a strategic roadmap for threat detection capabilities, developing high-fidelity detection systems informed by a deep understanding of advanced threat actor tactics, techniques, and procedures (TTPs).Architect scalable incident response processes while driving automation throughout the entire incident response lifecycle, establishing effective patterns for the organization.Act as a key technical leader and influence security practices organization-wide.

Join SoFi as a Security Product Lead specializing in Threat Intelligence and Insider Risk. In this pivotal role, you will spearhead initiatives that enhance our security posture and protect our assets from internal and external threats. You will collaborate with cross-functional teams to develop and implement innovative security solutions, ensuring the safety and integrity of our operations.

About Us:At Ambience Healthcare, we are not just another documentation service; we are pioneering an AI-driven platform that reintroduces humanity into healthcare, creating substantial returns on investment for health systems nationwide.Our innovative technology empowers healthcare providers to concentrate on exceptional patient care by alleviating the administrative burdens that detract from their crucial responsibilities. We provide real-time, coding-aware documentation and clinical workflow assistance across various healthcare settings, including ambulatory, emergency, and inpatient environments, collaborating with the leading health systems in North America.We are committed to delivering the best solutions for our partners, operating with a strong sense of ownership and a culture that values transparency, positivity, and thoughtful discussion. Our team holds each other to high standards because we understand the significance of the challenges we tackle.Recognized as a leader in enhancing clinician experiences by KLAS Research, featured by Fast Company as one of the Next Big Things in Tech, acknowledged by Inc. as one of the best AI companies in healthcare, and listed as a LinkedIn Top Startup for 2024 and 2025, Ambience is backed by prestigious investors including Oak HC/FT, Andreessen Horowitz (a16z), OpenAI Startup Fund, and Kleiner Perkins. Our journey is just beginning.The Role:As a key member of our team, you will spearhead the detection engineering and incident response program within a HIPAA-compliant, AI-driven environment, where the threat landscape includes LLM-powered agents operating across diverse infrastructures. Your responsibilities will include writing production code, architecting security data pipelines, and establishing high standards for detection and response within a rapidly evolving attack surface.This position requires a hybrid work model based in our San Francisco office (3 days per week).What You’ll Own:Detection Engineering: Establish a detection pipeline covering our highest-risk surfaces, including AWS, Kubernetes, Okta, endpoints, and SaaS tools. Create environment-specific detections that ensure reliable alerting for the on-call team.Incident Response: Develop a comprehensive incident response program, including playbooks, escalation processes, evidence collection, and post-mortems. Ensure all procedures are well-documented, practiced, and meet regulatory requirements.

About Our TeamAt OpenAI, our Security organization is dedicated to fostering safe and responsible innovation on a global scale. As our systems, infrastructure, and research capabilities expand, we are committed to investing in top-tier security measures that protect our people, products, and users while maintaining our momentum in progress.Our team is focused on safeguarding OpenAI’s environments by developing sophisticated detection systems, enhancing real-time response capabilities, scaling telemetry and logging infrastructure, and providing actionable threat intelligence to proactively counter adversaries.About the RoleWe are on the lookout for a Global Detection and Response Lead who will take ownership of and enhance OpenAI’s cybersecurity detection and response operations. In this pivotal role, you will establish the strategy and oversee the execution of security monitoring, incident response, recovery, and post-incident enhancements across our global infrastructure.As a hands-on leader with substantial technical credibility and acute operational instincts, you will build and mentor high-performing teams, collaborate closely with Infrastructure, Research, Product Security, Enterprise Security, IT, and Engineering to ensure that detection and response capabilities are integrated into the systems that drive OpenAI.This role demands strategic thinking combined with practical leadership skills, requiring deep technical expertise, operational discipline, and the ability to cultivate high-performing teams in a dynamic environment.Key Responsibilities:Lead global detection and response operations, ensuring continuous monitoring, triage, investigation, containment, and remediation of security incidents across diverse networks and infrastructures.Mentor and manage several teams of senior engineers focused on observability, detection and response, and threat intelligence, strategically expanding these functions as OpenAI’s computational capacity and platform aspirations grow.Ensure exceptional operational readiness through management of incident response playbooks, on-call procedures, escalation protocols, and ongoing enhancements to response efficacy and agility.Enhance detection effectiveness by collaborating with engineering teams to ensure essential telemetry is accessible, reliable, and actionable across cloud, corporate, and production environments.Work collaboratively across all departments to assess and address emerging security challenges and risks.

This position is open to remote candidates across the U.S., with a preference for those located in the San Francisco/Bay Area or Seattle/Bellevue. U.S. citizenship is required.Databricks is on the lookout for a highly skilled and strategic Senior Staff Security Engineer specializing in Incident Response to bolster our Incident Response team. In this critical role, you will make decisions that will significantly influence the long-term success of Databricks' security framework, crafting solutions that pave the way for future opportunities even when paths are unclear. Your contributions will be vital in shaping a multi-year technology strategy for key sectors of our business, involving multiple systems and teams, and consistently delivering large-scale projects aligned with corporate objectives.The Incident Response team is dedicated to swiftly, effectively, and uniformly addressing security threats, incidents, and investigations to safeguard our customers, employees, and enterprise data. Utilizing Databricks' own platform for near-real-time log analytics, alerting, and forensics, we embody a philosophy of "Security for Databricks on Databricks." As a Senior Staff Security Engineer, you will tackle the most challenging Security Incident Response Team (SIRT) tasks, navigate complex, ambiguous problems, and enhance the organization’s efficiency through systems enablement, tool creation, or policy innovation.Your Impact:Strategic Direction & Technical Vision: Influence the organization's roadmap and lead discussions on vital technology domains, fostering adoption and contributing decisions with long-term implications for Databricks' success.Incident Leadership & Crisis Management: Spearhead intricate investigations and impact assessments, executing crisis management through the Incident Management System (IMS). Collaborate with various stakeholders and convey findings to executive leadership, ensuring effective handling of significant security incidents with minimal operational disruption.Advanced Threat Management: Demonstrate expert knowledge across all cloud services utilized by Databricks (AWS, Azure, GCP), possessing a deep understanding of the architecture of essential business components and articulating their security and risk parameters. Propel the creation of a sophisticated threat detection and response program aimed at significantly reducing Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) to security incidents.Technical Innovation & Automation: Design scalable security solutions that leverage automation to enhance incident response efficiency and effectiveness.

Join Sofi as a Lead Cyber Threat Intelligence Engineer and play a pivotal role in safeguarding our digital landscape. In this position, you will lead initiatives aimed at identifying, analyzing, and mitigating potential cyber threats, ensuring the safety and integrity of our systems and data.

Join Anthropic as a Security Engineer specializing in Detection & Response, where you will lead efforts to secure our pioneering AI systems. In this crucial role, you will develop innovative solutions to monitor for threats, investigate incidents swiftly, and coordinate with various teams to ensure robust security protocols. You will have a unique opportunity to shape our security capabilities in collaboration with our elite research and engineering teams, making a real impact in the rapidly evolving AI landscape.

Join SoFi as a Senior Cyber Threat Intelligence Engineer, where you will play a crucial role in safeguarding our digital assets. You will analyze threat data, develop actionable intelligence, and collaborate with cross-functional teams to enhance our security posture. Your expertise will be pivotal in identifying and mitigating potential risks while leveraging advanced analytical tools.