×
Register Here to Apply for Jobs or Post Jobs. X
More jobs:

Senior Detection & Response Engineer

Job in Southlake, Tarrant County, Texas, 76092, USA
Listing for: Greystar
Full Time position
Listed on 2026-07-05
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 100000 - 130000 USD Yearly USD 100000.00 130000.00 YEAR
Job Description & How to Apply Below

Job Description Summary

Greystar is seeking a Senior Detection & Response Engineer for its Cybersecurity Operations team. This hybrid engineering and operations role requires building detections, writing code and automation, executing full incident response investigations, and applying solid security engineering fundamentals across our environment. The engineer will own the full loop: design detection, respond to alerts, and iterate on lessons learned to strengthen coverage.

Responsibilities span EDR, IAM, SIEM, Data Governance and close collaboration with our SOC.

Responsibilities
  • Design, build, test, and tune detection rules across SIEM and security tooling to target real attack techniques observed in our environment.
  • Build scripts, automation, and API integrations (using code and AI tooling) to accelerate detection engineering, investigation, and response workflows.
  • Lead incident response investigations end‑to‑end, from triage through containment, eradication, and closure.
  • Perform host and cloud forensic analysis, including disk, memory, and log artifact examination to reconstruct attacker activity and establish incident timelines.
  • Participate in an on‑call rotation and perform hands‑on alert and incident analysis.
  • Analyze Microsoft 365 and Entra  sources (interactive sign‑ins, non‑interactive sign‑ins, audit logs, unified audit log).
  • Investigate EDR detections, perform process‑tree analysis, and recommend containment actions.
  • Triage and investigate SOC escalations.
  • Develop and maintain automated response playbooks.
  • Conduct root cause analysis and determine initial access, persistence, and exfiltration methods during investigations.
  • Apply security engineering fundamentals to improve identity security, conditional access, and endpoint posture.
  • Produce clear, executive‑ready incident briefings, IOC documentation, and technical write‑ups.
  • Identify and tune false‑positive patterns to improve detection fidelity.
Required Qualifications
  • 6+ years in security operations, detection engineering, incident response, or a combined security engineering role.
  • Demonstrated ability to build detections and understand underlying logic, not just operate a tool.
  • Hands‑on digital forensics experience across endpoint and cloud, including artifact collection, timeline reconstruction, and evidence handling.
  • Proficiency in scripting and automation (Python, Power Shell, KQL, or similar) and effective use of AI tooling to accelerate development.
  • Working knowledge of attacker tradecraft and the ability to attribute activity based on TTPs.
  • Experience building or consuming API integrations across security and identity platforms.
  • Proficiency with EDR platforms.
  • Working knowledge of SIEM platforms and detection rule development.
  • Strong understanding of hybrid identity environments, including AD Connect sync behavior and Entra .
  • Experience investigating modern attack techniques (AiTM phishing, OAuth consent abuse, BEC, token replay, living‑off‑the‑land).
  • Solid security engineering fundamentals across identity, endpoint, and cloud.
  • Willingness to participate in an on‑call rotation and perform hands‑on incident response.
  • Strong written communication and documentation discipline.
Preferred Qualifications
  • Demonstrated use of AI tools (such as Claude, Copilot, or similar) to accelerate detection engineering, investigation workflows, scripting, and documentation.
  • Experience prompting and directing AI models to produce useful outputs in a security context (log analysis, detection logic drafting, incident timeline construction).
  • Familiarity with Microsoft Sentinel (analytic rule development using KQL, automation via Logic Apps or Playbooks).
  • Familiarity with Microsoft Entra , Purview, and Defender Suite.
  • Hands‑on experience with Crowd Strike Falcon (alert triage, process‑tree analysis, prevention policy management).
  • Experience with identity security tooling such as Saviynt, Entra , or similar IGA and privileged access platforms.
  • Prior experience in a large enterprise or managed security environment (5,000+ endpoints or 10,000+ users).
  • Relevant certifications (GCIA, GCIH, GCFE, GCFA, SC‑200, AZ‑500, or equivalent).
What You'll Work On

This hands‑on role features…

Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary