Detection & Response Engineer – Expel (Remote)
This role at Expel is a specialized engineering position designed to automate the heavy lifting of a Security Operations Center (SOC). Expel is a leader in the Managed Detection and Response (MDR) space, known for its transparent, “technology-agnostic” platform called Workbench™. In this role, you aren’t just reacting to alerts; you are the architect building the systems that enrich, triage, and potentially resolve those alerts before a human even touches them.
- Primary Platform: Expel Workbench™
- Location: 100% Remote
- Core Languages: Python and Go
- Target Experience: 1+ years in detection tools and 3+ years in IT/SecOps preferred
- Tech Integrations: EDR (CrowdStrike, SentinelOne), SIEM (Splunk, Sumo Logic), and Cloud (AWS CloudTrail, GCP, Azure).
Key Responsibilities: Automating the “Super Hero” Analyst
Expel’s philosophy is that scaling a SOC shouldn’t require more people; it should require better automation.
Detection Strategy & Rule Engineering
You will create and tune detections for Expel’s proprietary rule engine. This involves analyzing diverse datasets—such as Windows Event Logs, CloudTrail, and auditd—to identify attacker tactics. You will translate the latest threat research into automated detections that run across a combinatorial explosion of customer environments.
Workflow Automation with Python
A core part of your day involves writing automation in Python or Go using Expel’s orchestration framework. Your goal is to eliminate manual “pivoting” between tools. You will build integrations that automatically enrich alerts with IP reputation, EDR context, and user identity data, ensuring that when an analyst does open an alert, they have the “whos, whats, and wheres” in seconds.
Technology Evaluation & Integration
Expel integrates with over 125 different security vendors. You will evaluate technology APIs to design new detection and response solutions. This includes understanding how to harness signals from cloud service providers and integrating them into the Workbench platform to uncover threats that single-tool silos might miss.
Required Qualifications and Skills
Expel is looking for an engineer with a “practitioner’s empathy”—someone who understands the pain of alert fatigue and knows how to build tools to stop it.
- Technical Experience: 1+ years with EDR, NSM, and SIEM tools. Experience writing and tuning custom detections is mandatory.
- Programming: Proficiency in Python or Go. You should be comfortable with object-oriented programming to build scalable automation.
- Operating Systems: Deep understanding of Windows, macOS, and Linux, including command-line forensics and log analysis.
- Networking & Cloud: Solid grasp of TCP/IP and the OSI model, as well as cloud IAM (Identity and Access Management) models in AWS, Azure, or GCP.
- Soft Skills: A “culture of experimentation” mindset and high empathy for the demands of a 24/7 SOC environment.
Why Expel is Unique: Transparency and “Anti-Burnout”
Expel prides itself on being “100% transparent.” Customers can see every action taken by an analyst or an automation script in real-time. For a Detection & Response Engineer, this means your code is the engine of that transparency. You are helping to drive a 23-minute Mean Time to Respond (MTTR) for critical threats, directly impacting the security posture of some of the world’s largest brands.
Job Features
- Job Category: IT & Cybersecurity