Raya · 5 days ago
Senior Threat Detection and Response Engineer - 🔵 Blue Team
Raya is a technology company that operates an exclusive, membership-based social network, comprising two primary applications. The Senior Threat Detection and Response Engineer is responsible for leading the internal threat detection and incident response capabilities, ensuring effective security tooling and management of security incidents.
Communities · Mobile Apps · Social Network
Responsibilities
Threat Detection & Security Tool Management
Platform Ownership (Operational Focus): Act as the primary internal operations owner and subject matter expert for key security platforms, including Endpoint Detection and Response (EDR), Cloud Detection and Response (CDR), Cloud-Native Application Protection Platform (CNAPP), Security Information and Event Management (SIEM), and Network Detection and Response (NDR). Triage findings from tools like Shodan, Horizon3.ai, and ZeroFox
Operational Optimization: Continuously monitor, tune, and optimize security tool configurations to ensure maximum detection efficacy and minimize false positives, focusing on the strategic direction of the platforms
Signal Integrity: Proactively monitor and implement solutions to detect sensor and logging signal loss across all security platforms to ensure complete visibility
Use Case Development: Collaborate with internal and vSOC teams to develop, test, and implement new detection use cases and correlated alerts within the SIEM and other platforms
Shared Engineering: Partner closely with the Infrastructure Security Engineer role on the foundational engineering, deployment, and infrastructure health of these security platforms
Proactive Threat Hunting: Regularly execute threat hunting exercises based on current threat intelligence, internal knowledge, and platform capabilities to identify stealthy, pre-execution, or undetected threats across the environment
Vulnerability Triage & Prioritization: Immediately triage, prioritize, and drive remediation for critical security vulnerabilities and security findings (e.g., from CNAPP or vulnerability scanners) that warrant treatment as a high-severity security incident
Incident Response (IR) and Digital Forensics (DFIR)
Triage and Initial Handling: Serve as the internal escalation point for critical alerts from the vSOC. Perform rapid triage, scoping, and initial handling/containment for security incidents
Small-Scale Forensics: Handle end-to-end incident response and digital forensics for small-scale, routine incidents (e.g., minor malware infections, policy violations)
Outsourced IR Coordination: Act as the technical lead and liaison for larger, complex security incidents, coordinating activities and providing necessary data and context to retained external incident response firms
Process Improvement: Develop, refine, and maintain internal runbooks, playbooks, and Standard Operating Procedures (SOPs) for incident response and threat hunting
vSOC Oversight and Partnership
Liaison: Serve as the primary technical point of contact between our internal teams and the external vSOC/MSSP partner
Performance Monitoring: Oversee the vSOC's performance, ensuring adherence to established SLAs and quality standards for alert handling, monitoring, and reporting
Strategic Direction: Guide the vSOC's focus by communicating organizational risks, strategic priorities, and desired operational outcomes
Reporting: Generate and present regular reports on operational security metrics, incident trends, and vSOC performance to internal stakeholders
Security Awareness and Communication
Monthly Security Newsletter: Produce and distribute a mandatory monthly security newsletter covering threat intelligence, tool adoption, compliance/best practices, and internal case studies
Annual Security Awareness Training: Develop, update, and manage the mandatory annual security awareness training for all personnel, focusing on relevance, engagement, and high-risk behaviors
Qualifications
Required
5+ years of experience in Security Operations, Threat Hunting, Incident Response, or a closely related field
Expert-level hands-on operational and tuning experience with one or more major platforms across EDR (e.g., CrowdStrike, SentinelOne), SIEM (e.g., Splunk, Microsoft Sentinel), and Cloud Security (e.g., CNAPP solutions)
Strong understanding of security alert analysis, log review, data correlation techniques, threat modeling, and alert suppression/refinement
Proven experience in incident triage, evidence preservation, chain of custody, and basic forensic analysis techniques
You must have one of the following: CISSP-ISSAP (Incident Response content within CISSP) – (ISC)², GIAC Certified Incident Handler (GCIH) – GIAC, GIAC Cyber Threat Intelligence (GCTI) – GIAC, GIAC Network Forensic Analyst (GNFA) – GIAC, GIAC Certified Forensic Analyst (GCFA) – GIAC, Certified Ethical Hacker (CEH) – EC-Council, EC-Council Certified Incident Handler (ECIH) – EC-Council, Certified Computer Examiner (CCE) – IACIS, EnCase Certified Examiner (EnCE) – Guiding Tech, Certified Forensic Computer Examiner (CFCE) – ISFCE, CREST Registered Incident Handler (CRIH) – CREST, CREST Certified Incident Manager (CCIM) – CREST, ISO/IEC 27035 Lead Implementer (IR process) – PECB/OTHER, Certified Digital Forensics Examiner (CDFE) – Mile2, CompTIA Cybersecurity Analyst (CySA+) – CompTIA
Solid understanding of network protocols, operating system internals (Windows, macOS, Linux), and cloud environments (AWS, Azure, or GCP)
Deep understanding of threat detection and incident response within major cloud environments (AWS, Azure, or GCP), including knowledge of cloud logging sources, native security tools, and common attack paths
Familiarity with security concepts and threat detection within container orchestration platforms, such as Kubernetes, OpenShift, or similar variants
Excellent communication, documentation, and partnership management skills
Preferred
GIAC Certified Incident Handler (GCIH) is highly preferred
Direct experience with deploying, configuring, and tuning network security monitoring tools (e.g., Suricata, Snort, Zeek, Corelight) or similar commercial network detection and response (NDR) solutions, especially within cloud environments (AWS/Azure/GCP)
Proficiency in scripting languages (e.g., Python, GoLang) for automating security tasks, incident response steps, or data analysis
Experience with native cloud security services (e.g., AWS Security Hub, Azure Sentinel, GCP Security Command Center)
Benefits
Comprehensive medical and dental coverage
$50 a day food delivery budget
Equity based employment
A great culture
Learning opportunities
Unlimited vacation
12 weeks paid parental leave
$1,000 a year to go somewhere in the world that they've never been
Company
Raya
Raya is an online membership-based community for dating, networking, and accessing exciting opportunities around the world.
H1B Sponsorship
Raya has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship (highlighted: job field similar to this job)]
Trends of Total Sponsorships: 2025 (2), 2024 (2), 2023 (1)
Funding
Current Stage: Growth Stage
Total Funding: unknown
Key Investors: Atlas Finance Group
2019-06-14: Undisclosed
2016-12-22: Pre Seed
Company data provided by crunchbase