
Senior Detection & Response Engineer - 100% remote

Apollo.io

25,000 - 38,000 PLN (employment contract, UoP)

Requirements

  • Python
  • Panther
  • GCP
  • AWS
  • Ruby

Job description

Role Overview

The Security Operations Engineer is a senior individual contributor responsible for detecting, investigating, and responding to security threats across Apollo’s cloud-native and SaaS environments. This role requires strong technical depth, independent judgment, and ownership of complex security investigations from intake through resolution. The role operates in a fully remote environment and emphasizes clear written communication, operational rigor, and effective collaboration.

Key Responsibilities

Incident Detection, Investigation & Response
- Monitor, triage, and investigate security alerts and events across cloud infrastructure, SaaS applications, and corporate systems.
- Conduct end-to-end security investigations, including scoping, containment, eradication, recovery, and documentation.
- Own investigations independently while collaborating effectively during high-severity incidents.

SIEM, Detection & Workflow Engineering
- Configure and maintain SIEM detections in Panther, including use cases, correlation rules, alert logic, and tuning.
- Onboard, validate, and maintain log sources to ensure visibility, accuracy, and reliability.
- Design and improve investigation and response workflows to streamline triage, escalation, and resolution.
- Leverage AI-assisted tools to accelerate alert analysis, enrichment, and investigation efficiency.

Threat Hunting & Proactive Security
- Perform proactive threat-hunting activities to identify malicious or anomalous behavior not surfaced by existing detections.
- Investigate abuse, fraud, account compromise, and automation misuse scenarios in close collaboration with Fraud teams.
- Identify detection gaps and propose, implement, and validate improvements.

Automation, Coding & Tooling
- Build scripts, automations, and tools to reduce manual work and improve response speed and consistency.
- Use Python extensively for analysis, automation, and internal tooling; Ruby experience is a plus.
- Contribute to internal detection frameworks, tooling, and shared libraries.

Documentation & Continuous Improvement
- Produce clear, high-quality documentation for incidents, investigations, and post-incident reviews.
- Contribute to runbooks, playbooks, and operational standards.
- Share knowledge, review peer work, and mentor other engineers.