Block
Security Engineer, Detection & Response - Monitoring & Triage
“Security Engineer, Detection & Response - Monitoring & Triage at Block. Skills: Detection and Response, Incident Response, Security Engineering, AWS Security, Kubernetes Security, Linux Systems, SQL, Attacker TTPs, AI Development Workflow, Automation. Identify, investigate, and respond to threats across Block’s endpoints, cloud infrastructure, identity systems, SaaS platforms, vendor environments, and products. Build detections”
Industry & Context.
investigative judgment; working effectively across large, messy telemetry sets; ambiguous signals; novel attacker behavior; high-impact incidents; messy cross-environment investigations
Working with other employees in multiple time zones; required to perform work outside of normal business hours as part of this role.
What They're Looking For.
Must Have
5+ years of experience in detection and response, incident response, security engineering, or equivalent depth of hands-on investigative experience
AWS and Kubernetes security fundamentals, cloud-native logging, networking, and Linux systems
Experience leading incidents end-to-end, including scoping, containment, evidence collection, impact assessment, and stakeholder communication
SQL and log-query/analysis skills, with the ability to work effectively across large, messy telemetry sets without waiting for a perfect dashboard
Current, practical working knowledge of attacker TTPs across macOS, Windows, and Linux, with live response and forensics
An established AI development workflow
Experience building, tuning, or maintaining detections, investigation workflows, or internal security tooling
An engineering mindset: you start looking for the detection, workflow, control, or automation change that will eliminate a manual pattern
The ability to work independently across time zones, managing competing priorities with empathy, patience, and curiosity
Nice to Have
Experience with threat intelligence and threat hunting
Experience with malware analysis, forensic artifact collection, or reversing
Experience working with human-in-the-loop automation or AI-assisted investigation systems
What You'll Do.
Identify, investigate, and respond to threats across Block’s endpoints, cloud infrastructure, identity systems, SaaS platforms, vendor environments, and products
Automate investigations and response workflows
Prioritize work around real attacker behavior
Build investigation workflows and triage systems that resolve routine work
Develop active and automated triage capabilities
Monitor and present interesting findings to the broader team
Participate in tabletop exercises and post-incident reviews
How You'll Work.
Team & Collaboration
Present interesting findings to the broader team; participate in tabletop exercises and post-incident reviews; work with other employees in multiple time zones
Communication Scope
stakeholder communication
Process & Methodology
leading incidents end-to-end, scoping, containment, evidence collection, impact assessment, managing competing priorities