Manager, Detection & Response Engineering
Expel
Imagine yourself as a Security Operations Center (SOC) analyst, and a new alert pops to the top of the queue. You open the alert and all of the data you need to make a decision is present. After a quick investigation, you’ve notified the customer of a potential security incident. Now, imagine you lead the team that created the detection logic, built the response actions that enriched the alert, and defined the scalable process that delivered this high-quality outcome.
You are the hands-on leader focused on innovating Expel’s detection & response capabilities. Your team creates and evolves our detection strategies, measurably improving our coverage of attacks across their lifecycle. The team also pioneers new, impactful features and technologies for the SOC through innovation, advanced engineering, and iterative, dependable delivery of value. This includes exploring and integrating concepts like automation, traditional ML, and GenAI.
What Expel can do for you
- We will place you in a critical leadership role that is central to the continuous evolution of our platform and the success of Expel’s business.
- We will enable you to deliver detection outcomes for our customers immediately within our existing platform, and with that experience, to define how we evolve the platform.
- We will facilitate your team’s research through access to one of the most exciting security data sets in the industry, originating from 100+ integrations.
What you can do for Expel
- Lead a high-performing team of Detection & Response engineers.
- Pioneer new, impactful features & technologies aimed at dramatically improving SOC efficacy and efficiency.
- Work closely with Product Management and Data Science teams to focus on delivering transformative capabilities to the SOC analysts.
- Ensure the team is continuously improving Expel’s detection and quality controls by creating, validating, and evolving our detection strategies, improving our measurement capabilities, and up-leveling our monitoring abilities.
- Instill a culture of experimentation, quality, and continuous improvement within the D&R team.
What you should bring with you
- 5+ years of related professional experience.
- Highly effective team management and project management skills.
- MDR experience strongly preferred.
- Senior or higher technical detection engineering expertise within at least one of identity, cloud, or endpoint security paradigms.
- Substantial understanding of detection engineering and associated technologies and frameworks.
- Strong knowledge of creating and validating detection strategies for a variety of technology types (e.g. identity, cloud, endpoint).
- In-depth knowledge of attack vectors, threat tactics, and attacker techniques.
- Familiarity with automation, traditional ML, and GenAI concepts and platforms (e.g., LLMs, agents).
- Familiarity with large-scale data processing/ETL pipelines and cloud infrastructure (AWS/Azure/GCP).
Additional Notes
The base salary range for this role is between $151,000 USD and $219,000 USD + bonus eligibility and equity.
We believe in paying transparently and equitably. Your salary will ultimately be based on factors such as your experience, skills, team equity, and market data. You’ll also be eligible for unlimited PTO (which we model and encourage), work location flexibility, up to 24 weeks of parental leave, and really excellent health benefits.
This role is remote.
We're only hiring those authorized to work in the United States. We do not currently sponsor immigration visas.
We're an Equal Opportunity Employer: you’ll receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.