Senior Security Software Engineer, Detection and Response

Discord is about giving people the power to create space to find belonging in their lives. Trusted by millions of people to keep their communications secure, private, and out of the hands of evildoers, security and privacy are necessary to Discord's success.

We're looking for a Senior Detection and Response Engineer to join our Detection & Response Team (DART). We're an engineering-focused team that build scalable detection systems, automate response workflows, and develop tooling that lets us stay ahead of threats rather than just react to them. If you're an engineer who's passionate about security and loves turning investigative insights into durable, automated solutions, read on!

What you’ll do:

• Build detection systems at scale. Design and implement detections across cloud infrastructure, applications, and enterprise systems using large-scale log analysis and behavioral signals.
• Engineer response automation. Develop tooling and workflows that reduce mean time to detection and response - turning manual playbooks into code.
• Lead incident response. Serve as a subject matter expert during security incidents, driving investigations from initial triage through root cause analysis and remediation.
• Architect observability. Partner with internal teams to identify new telemetry sources, improve log coverage, and ensure we have visibility where it matters.
• Hunt proactively. Use threat intelligence and behavioral analysis to find malicious activity before alerts fire - then turn those hunts into production detections.
• Ship production code. Contribute to a fast-moving codebase, deploying detection logic and automation tooling to production environments.
• Mentor and elevate. Partner with our embedded response team - coaching on investigative techniques, detection engineering principles, and incident handling. Help build a culture of continuous learning and technical excellence.

What you have:

• 3+ years in Detection and Response as a senior IC, with demonstrated experience building (not just operating) security tooling
• 3+ years programming in Python or similar - you’ll write production code, not just scripts
• Strong experience with cloud security monitoring and investigations
• Experience in building detections from large datasets and automating incident response processes
• Deep knowledge of attacker TTPs, malware analysis, and threat hunting methodologies
• Experience with container orchestration (Kubernetes) and/or serverless technologies (Cloud Functions, Workers)
• Familiarity with distributed systems observability and log analysis at scale

Bonus Points:

• Hands-on experience with Panther SIEM
• Background in BeyondCorp / Zero-trust environments
• Experience with Cloudflare security tooling
• Contributions to open-source security projects

Candidates must reside in or be willing to relocate to the San Francisco Bay Area (Alameda, Contra Costa, Marin, Napa, San Francisco, San Mateo, Santa Clara, Solano, and Sonoma counties). For this role, the hiring manager would like folks to be in the office 1 day a week. Relocation assistance may be available. 

The US base salary range for this full-time position is $196,000 to $220,500 + equity + benefits. Our salary ranges are determined by role and level. Within the range, individual pay is determined by additional factors, including job-related skills, experience, and relevant education or training. Please note that the compensation details listed in US role postings reflect the ba