Engineering Manager, Security Detection & Response

Apollo.io Apollo.io · Enterprise · United States · Engineering

Engineering Manager for Security Detection & Response, responsible for managing engineers and building/scaling technical systems including detection engineering, automation, and AI-native workflows for security operations. The role involves hands-on leadership, coaching, and technical decision-making, with a focus on AI-assisted triage, investigation, and response processes.

What you'd actually do

  1. Own and continuously improve end-to-end detection, investigation, response, post-incident review, and threat intelligence-informed improvement processes, including AI-assisted triage and investigation workflows.
  2. Define and evolve security observability and detection strategy, including telemetry onboarding, signal quality, threat intelligence inputs, alert tuning, and coverage validation.
  3. Transform security operations processes through practical use of AI, including designing agents and AI-native workflows for triage, enrichment, investigation, and response.
  4. Drive Python-based tooling, CI/CD practices, and pragmatic use of AI to improve the speed, quality, and reliability of Security Detection & Response workflows.
  5. Build, lead, and retain a high-performing remote Security Detection & Response team with clear expectations, strong onboarding, documentation, and knowledge-sharing practices.

Skills

Required

  • 5+ years of experience in Security Detection & Response, Security Engineering, or Incident Response
  • 2+ years of people management experience, including hiring, coaching, and performance management, ideally in a remote-first environment
  • Strong hands-on experience with modern SIEM platforms, security observability, detection engineering, log analysis, and complex security investigations
  • Strong proficiency in Python for automation, analysis, and internal tooling
  • Experience with automation, Git-based workflows, CI/CD practices, threat intelligence-informed detections, AI-assisted workflows
  • Experience with cloud-native platforms, security telemetry, and SaaS environments
  • Excellent written and verbal communication, leadership, and stakeholder management skills

Nice to have

  • experience with Panther is highly valued
  • GCP experience preferred
  • Familiarity with toolsets similar to Apollo's, including Google Workspace, Okta, GitHub, Slack, Atlassian, Cloudflare, CrowdStrike, Kandji, Panther, and Snowflake-backed log pipelines, is strongly valued
  • Experience leading Detection Engineering, Security Engineering, or Security Detection & Response teams in a high-growth cloud or SaaS environment
  • Experience applying AI-assisted security tooling to detection, triage, investigation, or response in a production environment
  • Familiarity with MITRE ATT&CK, threat intelligence workflows, and vulnerability management programs, SLAs, and remediation processes
  • Relevant certifications such as CISSP, GCIA, GCIH, GCED, or cloud security certifications

What the JD emphasized

  • AI-assisted triage and investigation workflows
  • designing agents and AI-native workflows for triage, enrichment, investigation, and response
  • building agents or AI-native workflows for security content, tooling, or response processes

Other signals

  • AI-assisted triage and investigation workflows
  • designing agents and AI-native workflows for triage, enrichment, investigation, and response
  • Python-based tooling, CI/CD practices, and pragmatic use of AI to improve the speed, quality, and reliability of Security Detection & Response workflows
  • Experience with automation, Git-based workflows, CI/CD practices, threat intelligence-informed detections, AI-assisted workflows, and building agents or AI-native workflows for security content, tooling, or response processes.