Director, Detection & Response Engineering

Expel
Summary
Join Expel as a leader of multiple high-performing teams of detection and response engineers. You will create the strategy and operational processes to rapidly support the ingestion of new security signals, deliver world-class detections, build effective automation, and drive the security value and scalability of the MDR service. You will also create processes and tools to measure adherence to this strategy and maintain and evolve it to balance customer and SOC needs. Your leadership will structure teams for rapid service delivery while maintaining a focus on innovation, balancing reactive and proactive approaches. This role is critical to Expel's success, offering significant opportunity and access to a vast security dataset. You will define how the platform evolves and contribute to the continuous improvement of detection capabilities.
Requirements
- 10+ years in threat detection and incident response within the context of managed services, incident response, security product research teams, and/or large enterprise security teams
- 5+ years mentoring security analysts, researchers, engineers, or data scientists
- A deep understanding of attack surfaces, corresponding attacker behaviors, how behaviors map to MITRE ATT&CK, and how to deliver coverage for those behaviors
- Experience with a wide range of security solutions across categories such as Endpoint, Network, Cloud, Identity, SIEM/XDR, and security orchestration
Responsibilities
- Create the strategy and operational processes to rapidly support the ingestion of new security signals, deliver world-class detections, build effective automation, and ultimately drive the security value and scalability of the MDR service
- Create processes and tools to measure our adherence to this strategy
- Maintain and evolve the strategy to balance the needs of our customers and our SOC, in terms of both coverage and efficiency
- Structure your teams to support rapid service delivery, while maintaining a consistent focus on innovation
- Strike the right balance between reactive and proactive work
- Lead, inspire, and organize multiple, high-performing teams of detection and response engineers
Preferred Qualifications
- Experience implementing cybersecurity schemas such as OCSF, ASIM, CIM, or ECS to accelerate detection and response delivery is a plus
- Knowledge of common ML techniques and experience applying machine learning techniques in cybersecurity is a plus
Benefits
- Unlimited PTO
- Work location flexibility
- Up to 24 weeks of parental leave
- Really excellent health benefits