About the Role
Sigma is seeking a Senior Security Engineer- Detection & Response (Threat-Informed Defense) to join our Security Engineering team.You will act as the technical SME for threat Intelligence, detection and response, partnering across Security, Platform, Product, and Engineering to reduce risk and improve resilience at scale. You will bridge the gap between Cyber Threat Intelligence (CTI) and actionable defense, shaping our security architecture to withstand modern adversary tactics before they manifest in our environment.
_In this role you will not just administer the platforms. _** You'll ****write production-grade code, engineer scalable detections, automate response, and develop proactive threat controls using deep knowledge of cloud, identity, application, and data attack paths.**
What You’ll Do
- Adversary Response Planning: Develop and maintain a comprehensive adversary response strategy, mapping organizational risks to specific threat actor TTPs (Tactics, Techniques, and Procedures).
- Cross-Functional Leadership: Act as a Subject Matter Expert to Infrastructure, Engineering, and security teams. Guide these partners in implementing proactive security controls, ensuring that security is "baked in" to the development lifecycle and corporate infrastructure.
- Proactive Threat Modeling: Lead and build collaborative threat modeling sessions for new products and infrastructure, helping cloud platform, Engineering and IT identify and neutralize architectural weaknesses before deployment.
- Continuous Detection Engineering: Build, tune, and constantly update a library of high-fidelity detections. You will ensure our alerting logic evolves in lockstep with new exploitation techniques and industry benchmarks.
- Industry Alignment: Monitor the evolving security landscape (e.g., CISA advisories, new MITRE techniques) to ensure Sigma remains at the forefront of industry-standard security controls.
- Resilience Testing & Training: Design and lead cross-functional Incident Response simulations and tabletop exercises. Use these sessions to educate non-security teams on their roles during a crisis and to identify gaps in our defense-in-depth strategy.
- Advanced Incident Management: Lead the full lifecycle of high-severity security incidents, acting as the primary SME for containment and eradication while managing communication with executive leadership.
- Automation & Orchestration: Architect SOAR workflows to ensure common adversary techniques are met with immediate, automated remediation, reducing the manual burden on IT and Ops.
What We’re Looking For
- Minimum 7+ years in security with at least 5+ years deeply focused on detection engineering, incident response, or threat hunting in cloud-native environments and a track record of working in fast paced SaaS environments,moving organizations from reactive IR to threat-informed defense.
- Bachelor’s or Master’s degree in Computer Science, Cyber Security, or a related field.
- Hands-on proficiency in securing AWS/GCP/Azure + modern Identity Stack, including experience with Kubernetes security and Terraform/IaC.
- Strong coding ability to build automations, security pipeline, detection as code etc.
- Deep understanding of cloud IAM attack paths, token/session abuse, API threats, and data exfiltration patterns, CI/CD for detections
- Experience designing and operating telemetry pipelines (normalization, correlation, data quality, schema strategy).
- Strong incident response leadership for high-severity events in production environments.
- Deep familiarity with threat intelligence frameworks (MITRE ATT&CK) and the ability to convert raw intel into actionable detection/prevention strategies.
- Proven experience running incident response tests, breach and attack simulations (BAS), or red/blue team exercises.
- Deep expertise in security tooling across SIEM, EDR, CNAPP, WAF, CASB, and Data Security platforms and judgment to know when to buy vs build.
- The ability to translate complex technical threats into clear, actionable guidance for both technical peers and executive leadership.
- Relevant certifications (nice-to-have): GCIA, GCIH, GCTI, CISSP, CCSP.
- Contributions to open-source security projects or published research (nice-to have)
Why Sigma?
At Sigma, security is at the core of our mission. We power insights and innovation for our customers, and protecting their data is our highest priority. As a Senior Security Engineer, you will have the autonomy to shape our Cyber Security strategy, access to cutting-edge technologies, and the opportunity to solve real problems at scale.
Join us and be part of a security team that values collaboration, innovation, and resilience—while giving you the room to grow, lead, and leave your mark on Sigma’s security journey.
Additional Job details
The base salary range for this position is $210k - $240k annually.
Compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work at Sigma Computing. This role is eligible for stock options, as well as a comprehensive benefits package.
About us:
Sigma is the AI apps and analytics platform connected to the cloud data warehouse. Using Sigma, business and technical teams can build intelligent, production-ready AI apps that accelerate and automate operational workflows. Sigma provides a spreadsheet interface, SQL and Python editors, visual builders, and native AI to help teams turn live data into interactive applications, analysis, reports, and embedded experiences.
Sigma announced its $200M in Series D financing in May 2024, to continue transforming BI through its innovations in AI infrastructure, data application development, enterprise-wide collaboration, and business user adoption. Spark Capital and Avenir Growth Capital co-led the Series D funding round, with additional participation from a group of past investors including Snowflake Ventures and Sutter Hill Ventures.The Series D funding, raised at a valuation 60% higher than the company’s Series C round three years ago, promises to further accelerate Sigma’s growth.
Come join us!
Benefits For Our Full-Time Employees:
- Equity
- Generous health benefits
- Flexible time off policy. Take the time off you need!
- Paid bonding time for all new parents
- Traditional and Roth 401k
- Commuter and FSA benefits
- Lunch Program
- Dog friendly office
Sigma Computing is an equal opportunity employer. We are committed to building a smart and strong team regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We look forward to learning how your experience can enable all of us to grow_._
Note: We have an in-office work environment in all our offices in SF, NYC, and London.
**Our Privacy Practices **
When you submit a job application on this site, Sigma processes your personal data for the purposes of evaluating your candidacy for employment at Sigma and as otherwise needed throughout the recruitment and hiring process. Please review Sigma’s Candidate Privacy Notice for more details. Please note that your personal data may be transferred to a country other than the one in which it was provided (including to USA, the UK, and Canada).
**Sigma’s use of AI **
This hiring process utilizes artificial intelligence tools to assist in candidate screening and assessment. Our AI tools are designed to complement, not replace, human decision-making.