Senior Detection Engineer

Instacart · Remote (United States)
Software Development

WFA Digital Insight

The demand for skilled cybersecurity professionals, like detection engineers, has surged in recent years, with some estimates suggesting a 25% annual growth rate. As companies like Instacart continue to expand their online presence, the need for experts who can safeguard their digital infrastructure has never been greater. With Instacart's commitment to a 'Flex First' approach, this role offers the opportunity to work remotely while being part of a team that's pushing the boundaries of what's possible in grocery delivery. Before applying, candidates should be aware that they'll need a deep understanding of attacker tactics, techniques, and procedures (TTPs) as well as experience with detection engineering, incident response, or offensive security.

Job Description

About the Role

As a Senior Detection Engineer at Instacart, you will be at the forefront of the company's cybersecurity efforts, responsible for developing, tuning, and maintaining detection logic across multiple log sources. This includes endpoint, cloud, container, and SaaS products, ensuring the highest level of security and integrity of Instacart's systems. The role is pivotal in the Detection Engineering team, which sits at the core of Instacart's Security organization. Your expertise will help identify, surface, and respond to threats, safeguarding the platform that millions rely on for their grocery needs.

The Detection Engineering team adopts a detection-as-code mindset, where everything built is versioned, tested, and deployed through repeatable pipelines. This approach emphasizes the importance of reducing noise, improving analyst efficiency through automation and Security Orchestration, Automation, and Response (SOAR), and continuously evolving the coverage as the threat landscape shifts. As a technical anchor on the team, your contributions will be critical in shaping the future of Instacart's security function.

Instacart's Flex First approach means that as a Senior Detection Engineer, you will have the flexibility to choose where you work best, whether that's from home, an office, or a favorite coffee shop, while staying connected with the team through regular in-person events. This flexibility, combined with the company's mission to make grocery shopping more accessible, makes for a unique and fulfilling work environment.

What You Will Do

  • Develop, tune, document, and maintain detection logic across multiple log sources, including endpoint, cloud, container, and SaaS products.
  • Assist in cyber forensic investigations across a variety of log sources to ensure comprehensive threat analysis.
  • Optimize log ingestion pipelines and telemetry collection to ensure high-quality, actionable security data, managing volume and cost effectively.
  • Design and build SOAR playbooks and automation workflows to streamline detection triage, enrichment, and response actions, enhancing the efficiency of the security team.
  • Mentor junior security analysts and detection engineers on threat hunting methodologies, detection logic development, and investigation techniques to foster a culture of knowledge sharing and growth.
  • Collaborate with Engineering, Red Team, Incident Response, Fraud, and Trust & Safety teams to ensure detections reflect real-world adversary behavior, not just signatures.
  • Operate with a detection-as-code mindset, versioning, testing, and deploying everything built through repeatable pipelines to maintain high standards of quality and reliability.
  • Participate in the development of automated testing and CI/CD deployment pipelines for detection logic to ensure smooth integration and deployment.
  • Stay updated on the latest threat intelligence and attacker TTPs to continuously improve detection capabilities and stay ahead of emerging threats.

What We Are Looking For

  • Minimum of 5 years of experience in a detection engineering, incident response, or offensive security role.
  • Experience with one or more public cloud platforms (AWS, Azure, GCP).
  • Deep understanding of attacker TTPs across modern zero-trust environments, including identity compromise, token theft, and abuse of trust boundaries.
  • Proficient understanding of macOS internals and telemetry available to identify macOS-specific threats.
  • Experience implementing detection-as-code workflows, including version control, peer review processes, automated testing, and CI/CD deployment pipelines.
  • Basic proficiency with Python, Golang, or other programming languages.
  • Relevant certifications such as GCFA, GCFE, GNFA, GREM, OSCP, GCIA, or similar are a plus.

Nice to Have

  • Background in offensive security or red teaming for a deeper understanding of threat actor methodologies.
  • Knowledge of machine learning for threat detection to enhance the development of sophisticated detection logic.
  • Experience with SOAR solutions and automation workflows to further optimize security operations.

Benefits and Perks

  • Competitive compensation package, reflecting the value Instacart places on its cybersecurity professionals.
  • Opportunities for professional growth and development in a rapidly expanding company.
  • Flexible working environment, embracing Instacart's Flex First approach to work.
  • Access to cutting-edge technologies and tools, ensuring you stay at the forefront of cybersecurity.
  • Comprehensive health benefits, reflecting Instacart's commitment to the well-being of its employees.
  • Generous PTO and holidays, allowing for a healthy work-life balance.
  • Remote work stipend to support your home office setup and productivity.

How to Stand Out

  • Ensure you have a solid foundation in programming languages such as Python or Golang, as these are frequently used in detection engineering tasks.
  • Highlight any experience with detection-as-code workflows and your understanding of cloud-native environments in your application.
  • Prepare to discuss specific examples of threat detection logic you've developed and how you've applied them in previous roles.
  • Showcase your knowledge of attacker TTPs and how you stay updated on the latest threat intelligence.
  • When discussing your experience with automation and SOAR, focus on how these tools have improved detection triage and response times in your previous roles.
  • Consider including a link to a personal project or a contribution to an open-source security project in your application to demonstrate your skills and passion for cybersecurity.
  • Be ready to explain your approach to mentorship and how you've helped junior team members grow in their roles, as this is an important aspect of the Senior Detection Engineer position at Instacart.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.