Note: The job is a remote job and is open to candidates in USA. Apollo.io is the leading go-to-market solution for revenue teams, trusted by over 500,000 companies and millions of users globally. They are seeking a technical Engineering Manager to lead their Security Detection & Response function, responsible for managing engineers and building technical systems for modern security operations.
Responsibilities
- Own and continuously improve end-to-end detection, investigation, response, post-incident review, and threat intelligence-informed improvement processes, including AI-assisted triage and investigation workflows
- Lead complex and high-severity incidents with clear decision-making, effective stakeholder communication, and accountable follow-through on remediation
- Stay technically engaged in investigations across cloud infrastructure, SaaS platforms, corporate systems, user behavior, and abuse scenarios, and translate incident learnings, platform changes, and threat trends into Security Detection & Response priorities
- Define and evolve security observability and detection strategy, including telemetry onboarding, signal quality, threat intelligence inputs, alert tuning, and coverage validation
- Oversee Panther detections, MITRE ATT&CK-aligned use cases, investigation playbooks, and response automations, with measurement and validation loops for coverage, precision, latency, tuning effectiveness, safe rollout, and attack-simulation-based validation
- Transform security operations processes through practical use of AI, including designing agents and AI-native workflows for triage, enrichment, investigation, and response
- Drive Python-based tooling, CI/CD practices, and pragmatic use of AI to improve the speed, quality, and reliability of Security Detection & Response workflows
- Build, lead, and retain a high-performing remote Security Detection & Response team with clear expectations, strong onboarding, documentation, and knowledge-sharing practices
- Coach engineers to grow in technical depth, operational ownership, and leadership capability while partnering closely with Engineering, IT, Fraud, Legal, People, Support, and Product on incidents, investigations, and security improvements
- Work closely with Engineering and Infrastructure on telemetry quality, data pipelines, and operational readiness, and communicate security risk, incident impact, and remediation plans clearly to technical and non-technical stakeholders
- Define and review strategy-aligned metrics and reporting that measure Security Detection & Response effectiveness, highlight trends and gaps, and inform priorities and stakeholder decisions
Skills
- 5+ years of experience in Security Detection & Response, Security Engineering, or Incident Response
- 2+ years of people management experience, including hiring, coaching, and performance management, ideally in a remote-first environment
- Strong hands-on experience with modern SIEM platforms, security observability, detection engineering, log analysis, and complex security investigations; experience with Panther is highly valued
- Strong proficiency in Python for automation, analysis, and internal tooling, with the ability to remain technically credible with engineers
- Experience with automation, Git-based workflows, CI/CD practices, threat intelligence-informed detections, AI-assisted workflows, and building agents or AI-native workflows for security content, tooling, or response processes
- Experience with cloud-native platforms, security telemetry, and SaaS environments; GCP experience preferred. Familiarity with toolsets similar to Apollo's, including Google Workspace, Okta, GitHub, Slack, Atlassian, Cloudflare, CrowdStrike, Kandji, Panther, and Snowflake-backed log pipelines, is strongly valued
- Excellent written and verbal communication, leadership, and stakeholder management skills
- Experience leading Detection Engineering, Security Engineering, or Security Detection & Response teams in a high-growth cloud or SaaS environment
- Experience applying AI-assisted security tooling to detection, triage, investigation, or response in a production environment
- Familiarity with MITRE ATT&CK, threat intelligence workflows, and vulnerability management programs, SLAs, and remediation processes
- Relevant certifications such as CISSP, GCIA, GCIH, GCED, or cloud security certifications
Benefits
- Equity
- Company bonus or sales commissions/bonuses
- 401(k) plan
- At least 10 paid holidays per year, flex PTO, and parental leave
- Employee assistance program and wellbeing benefits
- Global travel coverage
- Life/AD&D/STD/LTD insurance
- FSA/HSA and medical, dental, and vision benefits
Company Overview
Company H1B Sponsorship