- Design and implement detection logic across our SIEM, EDR, cloud security tools and identity systems. Lead and support security incident investigations using data analytics, log analysis, and system forensics across corporate and production environments. Build playbooks and runbooks for repeatable response.
- Extend detection into the product. Instrument additional application-level telemetry across the WorkOS platform to detect abuse patterns, anomalous authentication activity, and threats that target our customers' identities.
- Build tooling and automation. Develop scripts, integrations, and SOAR workflows to automate detection, enrichment, and response activities. Identify gaps in monitoring coverage and close them.
- Partner with our MDR provider. Collaborate to validate detections, tune rules, and coordinate on incidents. Grow our internal capability over time while maintaining the partnership.
- Contribute to security operations maturity.
Requirements
WorkOS powers enterprise features for many of the fastest-growing AI companies, including OpenAI, Cursor, Perplexity, Vercel, and Plaid.
As AI reshapes software, WorkOS is at the frontier of Human and Agent Authentication, Identity, and Access Control—helping companies answer a new critical question: who are your agents, and what are they allowed to do? Our fast-growing customer base includes hundreds of modern software companies building the next generation of enterprise-ready products.
Security is fundamental to our products, and customer trust is the foundation of our success.
WorkOS has core security telemetry in place across SIEM, EDR, cloud and identity.
- You are proficient in at least one programming language (Python, Go, or similar) and comfortable working with infrastructure-as-code, APIs, and CI/CD systems.
- Experienced in detection engineering. You understand how to translate threat intelligence and attacker TTPs into actionable detection logic.
- Comfortable across corporate and cloud environments. You have experience with EDR, identity systems, cloud security (AWS), and network telemetry.
Experience
Qualifications
- 5+ years of experience in security engineering, detection engineering, incident response, or a related technical security role.
- Strong engineering fundamentals; ideally a computer science or engineering degree or equivalent industry experience (software engineering, SRE, network engineering).
- Proficiency in Python, Go, or another general-purpose programming language.
- Hands-on experience with SIEM platforms (Panther, Splunk, Elastic, or similar) — writing detection rules, building log pipelines, and investigating alerts.
- Experience with EDR technologies (SentinelOne, CrowdStrike, or similar) and endpoint investigation.
- Familiarity with cloud security fundamentals (AWS IAM, networking, Kubernetes basics).
- Experience with incident response in production and/or corporate environments.
- Strong written and verbal communication skills.
BONUS:
- Experience with Detection-as-Code practices (version-controlled, tested detections).
- Familiarity with SOAR platforms and security automation.
- Experience with identity/authentication systems (Okta, SAML, OIDC) — highly relevant given our product domain.
- Prior experience building a D&R function from scratch.
- Experience at a developer tools, identity/auth, or infrastructure company.
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses.
Benefits
We recently raised a $100M Series C, valuing the company at $2B, led by Meritech and Sapphire with participation from Greenoaks, Craft, Abstract, and Audacious.
Benefits and Perks (US Only) 💖
At WorkOS, we offer resources that emphasize personal and familial well-being.
We offer healthcare coverage for you and your family, including medical, dental, and vision.
We offer parental leave, paid time off, and fully remote working arrangements.
Benefits include:
- Competitive pay
- Substantial equity grants
- Healthcare insurance (Medical, Dental and Vision) for you and your family
- 401k matching
- Wellness and fitness monthly allowances
- PTO + paid holidays + unlimited sick leave
- Unlimited token usage
Please inquire directly with our recruiting team for
Additional details
About WorkOS 🚀
WorkOS builds modern developer tools and APIs that make it easy for companies to become Enterprise Ready.
Our platform powers authentication, identity, authorization, and other critical infrastructure that developers need to securely scale their products to large organizations.
About the Security Team
The Security team at WorkOS is responsible for keeping the data and identities of hundreds of millions of users secure.
We are a highly collaborative group with a strong engineering mindset.
experience attacking and defending systems, and applying lessons from across the industry.
We embrace the latest advancements in practices and tooling that make modern security teams effective.
Today, our team spans product security, cloud security, and GRC.
We understand our product deeply, and we partner with an MDR provider for 24/7/365 detection and response coverage.
About the Role
We are looking for a Detection & Response Security Engineer to take our D&R capabilities to the next level.
What we are looking for now is expertise in writing custom detections tuned to our environment, building alerting pipelines, investigating incidents in depth, and further expanding our coverage across corporate systems and our product platform.