Staff Detection & Response Engineer

We all have important information we need to manage, and protecting it should be easy. Over 100,000 businesses and millions of people log in to 1Password to unlock smart, simple access to everything they care about. Our vision is to create a safer, simpler digital future for everyone, and our culture values simplicity, honesty and a human-centric approach to solving problems. Come help us unlock peace of mind so everyone can stay safer online.
At 1Password, customer privacy and security come first and foremost; this commitment informs everything we do, and the Security Team is responsible for upholding this commitment. We are a passionate team that truly cares about protecting our customers, and we’re looking for new team members that share this passion.
The Security team is responsible for protecting our systems and data from unauthorized access, use, disclosure, disruption, modification, or destruction. This is achieved through a combination of technical and administrative controls, risk management processes, and ongoing monitoring and testing. We accomplish these things by building close relationships with internal stakeholders to build trust.
As a Staff Detection and Response Engineer of this team, you’ll be responsible for shaping the technology that your team uses in its daily operations. You’ll help define and set the strategic direction and influence the personal development of the team members.
Join us and unleash the excitement of protecting the digital world.
This is a Remote opportunity within Canada and the US.

What we're looking for:

• Minimum 7 years of experience in a security role that relates to detection and response (Detection Engineering, Digital Forensics, Incident Response, and/or Threat Intelligence)  
• Understanding of current threat landscape, malicious actors’ tactics and techniques using reputable security frameworks
• Experience leading complex and ambiguous cross-functional projects from design through implementation
• Experience with data analytics and using a SIEM for the purpose of writing custom detections to identify threats
• Comfortable writing, tuning and improving existing detections using various programming languages
• Experience analyzing security events and scenarios to assess potential security or privacy impacts
• Comfortable with cloud environments (AWS, GCP, etc.) incident management software, operating systems, log analysis tools and software development processes such as Gitlab or Github
• Must excel in communication and demonstrate an exemplary customer service mindset
• Bonus: Candidates with any of the following credentials OSCP, SANS GIAC: GCIA, GPEN, GCIH, GCFA, GMON, GCDA, or GCED or a degree in Computer Science

What you can expect:

• Own detection lifecycle from use case development conceptualization to alert creation with playbooks
• Architect automations and integrations between systems in the environment
• Responsible for development & improvement of processes & procedures
• Engineering fields and search queries in various query languages to conduct log analysis
• Potential work on nights or weekends in the event a significant security issue is discovered
• Partner with developers, engineers and other departments to review and address security issues
• Be subject matter expert on our security tooling
• Write and execute response playbooks
• Leading security incidents discovered internally and ensure they are addressed in a timely manner
• Implementing improvements to the security incident response program
• Collaborate, train and mentor team members to uphold a high team standard

Even if you don't tick all those boxes, we'd like to hear from you.
The most important thing you can bring to this job is the drive to dive in, get the work done, and fix root causes instead of treating symptoms. We believe in continuous learning and support professional development on the job with a budget to back it up. If you bring a desire to do the right thing for our customers, a sense of ownership over the product you work on, and a focus on shipping quality code, we want to hear from you.
United States-based roles only: Minimum annual salary for this role is $153,000 USD, plus immediate participation in 1Password’s benefits program (health, dental, 401k and many others), utilization of our generous paid time off and, where applicable, participation in our incentive programs. All employees are owners of 1Password and receive an equity grant as part of their total package. At 1Password, we approach each individual's compensation with a promise of fair market value and internal equity commensurate with experience and specific skill set.
What we offer:
We believe in working hard, and resting hard. We’re always looking for new ways to support our team members, but here’s a glance at what we currently offer:
Health and wellbeing> 👶 Maternity and parental leave top up programs> 👟 Wellness spending account> 🏝 Generous PTO policy > 💖 Company-wide wellness days off scheduled throughout the year > 🧠 Complimentary Headspace membership> 🩺 Comprehensive health coverage
 Growth and future > 📈 Employee stock option program for all full time employees > 💸 Retirement matching program> 💡 Training budget, 1Password University access, and learning sessions > 🔑 Free 1Password account (and friends and family discount!) 
Flexibility and community> 🤝 Paid volunteer days > 🌎 Employee-led DEI&B programs and ERGs> 🏠 Fully remote environment> 🏆 Peer-to-peer recognition through Bonusly
You belong here.
1Password is proud to be an equal opportunity employer. We are committed to fostering an inclusive, diverse and equitable workplace that is built on trust, support and respect. We welcome all individuals and do not discriminate on the basis of gender identity and expression, race, ethnicity, disability, sexual orientation, colour, religion, creed, gender, national origin, age, marital status, pregnancy, sex, citizenship, education, languages spoken or veteran status. Be yourself, find your people and share the things you love.
Accommodation is available upon request at any point during our recruitment process. If you require an accommodation, please speak to your talent acquisition partner or email us at nextbit@agilebits.com and we’ll work to meet your needs.
Candidate Privacy Notice
When you apply for a position, refer a candidate, or are being considered for a role at AgileBits, Inc. (dba 1Password, 1Password, we, us, or our), your information is stored in Lever, in accordance with Lever's Service Privacy Notice. We use this information to evaluate your candidacy for the posted position. We also store this information, and may use it in relation to future positions to which you apply, or which we believe may be relevant to you given your background.
Candidates may also optionally choose to self-identify their race/ethnicity, gender identity, sexual orientation, age, and disability. These answers will help us evaluate our diversity and belonging efforts. You do not have to answer these questions—your answers will not be linked to your name or job application, will not be visible to the hiring manager reviewing your application, and will in no way affect your job application. If you have any questions about the collection or use of this information, please contact [dpo@1password.com].
When we have no ongoing legitimate business need to process your information, we will either delete or anonymize it. If you have any questions about how we use or process your information, or if you would like to ask to access, correct, or delete your information, please contact our privacy team at [dpo@1password.com] or through 1Password Support.