Security Engineer - Detection & Incident Response (Remote) Opportunity

nearshore cyber company

Security Engineer - Detection & Incident Response (Remote) in MEXICO

Remote 15 hours ago

An Exceptional Opportunity with a Leading Cloud-Native HealthSec Organization


Our client, a rapidly growing technology company revolutionizing their industry, seeks an experienced Security Engineer to fortify their security operations and incident response capabilities. This role offers the rare combination of technical depth, strategic influence, and the opportunity to shape security architecture at a company experiencing significant growth.

The Role

You will serve as a technical leader in security operations, wielding Python as your primary instrument to construct sophisticated detection mechanisms and automated response systems. This position demands both strategic vision and tactical execution—you will architect detection frameworks while maintaining hands-on involvement in threat hunting and incident response.

Core Responsibilities


Detection Engineering & Automation

  • Architect and implement detection-as-code frameworks using Python, creating high-fidelity detection rules that minimize false positives
  • Design automated response workflows that accelerate mean time to remediation
  • Build custom integrations between security platforms via APIs, creating a cohesive security ecosystem
  • Develop parsing and enrichment pipelines for complex data sources


Threat Hunting & Analysis

  • Conduct proactive threat hunting across AWS cloud infrastructure and corporate environments
  • Perform deep-dive analysis of security events, uncovering sophisticated attack patterns
  • Analyze network traffic, system logs, and endpoint artifacts to identify indicators of compromise
  • Translate threat intelligence into actionable detection strategies


Incident Response Leadership

  • Lead technical response efforts during critical security incidents
  • Develop and maintain incident response playbooks leveraging SOAR platforms
  • Automate repetitive response actions through custom Python scripts
  • Conduct post-incident analysis to strengthen defensive posture


Platform Optimization & Strategy

  • Optimize SIEM, SOAR, and EDR platforms for maximum effectiveness
  • Define technical roadmaps for detection and response capabilities
  • Influence security practices across engineering and IT organizations
  • Mentor team members and establish best practices

What You Bring

Required Expertise

Technical Proficiency

  • 5+ years of hands-on experience in Security Operations, Detection Engineering, or Incident Response
  • Advanced Python programming skills for security automation, data analysis, and tool development
  • Deep expertise with AWS security services including CloudTrail, GuardDuty, Security Hub, and IAM
  • Proven experience developing detection content for enterprise SIEM platforms (Splunk, Elastic Security, Sentinel)
  • Hands-on expertise with EDR solutions (CrowdStrike, SentinelOne, Carbon Black)

Operational Knowledge

  • Mastery of incident response methodologies and the MITRE ATT&CK framework
  • Experience with infrastructure-as-code (Terraform) for security resource deployment
  • Proficiency in log analysis, network traffic analysis, and digital forensics
  • Understanding of cyber kill chain and threat actor tactics, techniques, and procedures

Educational Background

  • Bachelor's degree in Computer Science, Information Technology, or related field
  • Equivalent professional experience considered in lieu of degree

Preferred Qualifications

  • Experience with SOAR platforms (Splunk SOAR, Palo Alto XSOAR, Tines)
  • Industry certifications: GCIH, GCFA, GNFA, GREM, AWS Security Specialty, Splunk Certified Architect/Consultant
  • Purple team or adversary simulation experience
  • Track record of technical mentorship and knowledge transfer

What Our Client Offers

Compensation & Benefits

  • Highly competitive base salary commensurate with experience
  • Comprehensive medical, dental, vision, and life insurance
  • 401(k) retirement program with company matching
  • Flexible spending accounts
  • Short-term and long-term disability coverage

Work-Life Integration

  • Fully remote position with flexible scheduling
  • Discretionary paid time off policy
  • 12 paid holidays annually
  • Paid parental leave
  • Employee assistance program

Professional Development

  • Continuous learning opportunities and training budget
  • Conference attendance and certification support
  • Exposure to cutting-edge security technologies
  • Direct influence on security strategy and architecture

Location Requirements

This is a remote position. However, the following locations are preferred: San Francisco, CA; Plano, TX; Lehi, UT; or Mexico.

Salary

Depends on location and experience.

Application Process

Our specialized cybersecurity recruiting team will conduct initial technical screening to ensure alignment with our client's requirements. Selected candidates will proceed through a streamlined interview process designed to respect your time while thoroughly evaluating technical capabilities.

To apply, submit your resume highlighting your detection engineering and incident response experience. Include specific examples of detection rules you've developed, incidents you've managed, or security automation you've implemented.

About Nearshore Cyber

We are a boutique cybersecurity staffing firm specializing in placing exceptional security talent with innovative companies. Our deep industry expertise and extensive network enable us to match skilled professionals with organizations where they can make a significant impact.
