Detection Engineer

ElevenLabs

πŸ“Remote - Worldwide

Summary

Join ElevenLabs as a Detection Engineer and be at the forefront of our security operations, building and maintaining our detection and incident response capabilities. This remote role, preferably in a timezone overlapping with Europe, requires a strong background in detection engineering, incident response, and SIEM infrastructure, specifically Google SecOps (Chronicle). You will develop, tune, and maintain security detection rules and alerts and monitor various platforms (JAMF MDM, Google Workspace, Okta, SaaS applications); cloud security monitoring experience in Google Cloud (GCP) and GCP Security Command Center (SCC) is required. Automation skills (Python, Bash) are crucial for automating tasks and integrating security tools. A deep understanding of attack techniques, threat intelligence, and security frameworks (MITRE ATT&CK, NIST) is essential. ElevenLabs offers learning & development stipends, social travel stipends, annual company offsites, and co-working stipends.

Requirements

  • Proven experience in incident response and security operations, including triaging security alerts, conducting investigations, and leading response efforts
  • Strong background in detection engineering, including developing, tuning, and maintaining security detection rules and alerts
  • Hands-on experience with SIEM Infrastructure, specifically with Google SecOps (Chronicle). This includes data onboarding, parsing, rule creation, and dashboarding
  • Proficiency in security monitoring across various platforms, including JAMF MDM for macOS endpoints, Google Workspace, Okta and general SaaS applications
  • Experience with cloud security monitoring, particularly in Google Cloud (GCP) with familiarity in GCP Security Command Center (SCC)
  • Solid scripting skills (e.g., Python, Bash) for automating detection and response tasks, data parsing, and security tooling integration
  • Deep understanding of common attack techniques, threat intelligence, and the ability to translate them into actionable detections
  • Familiarity with security frameworks and best practices (e.g., MITRE ATT&CK, NIST Cybersecurity Framework)
  • Excellent analytical and problem-solving skills, with a keen eye for detail and the ability to connect disparate pieces of information during investigations

Responsibilities

  • Develop, tune, and maintain security detection rules and alerts
  • Monitor various platforms, including JAMF MDM for macOS endpoints, Google Workspace, Okta and general SaaS applications
  • Conduct investigations and lead response efforts
  • Automate detection and response tasks, data parsing, and security tooling integration
  • Translate threat intelligence into actionable detections

Benefits

  • Learning & development: Annual discretionary stipend towards professional development
  • Social travel: Annual discretionary stipend to meet up with colleagues each year, however you choose
  • Annual company offsite: We bring the entire company together at a new location every year
  • Co-working: If you’re not located near one of our main hubs, we offer a monthly coworking stipend
