{"id":908,"date":"2025-12-24T09:02:24","date_gmt":"2025-12-24T09:02:24","guid":{"rendered":"https:\/\/skillbasedmatching.com\/jobs\/?post_type=jobpost&#038;p=908"},"modified":"2025-12-24T09:02:28","modified_gmt":"2025-12-24T09:02:28","slug":"detection-response-engineer-expel-remote","status":"publish","type":"jobpost","link":"https:\/\/skillbasedmatching.com\/jobs\/current-jobs\/detection-response-engineer-expel-remote\/","title":{"rendered":"Detection &#038; Response Engineer \u2013 Expel (Remote)"},"content":{"rendered":"\n<p>This role at <strong>Expel<\/strong> is a specialized engineering position designed to automate the heavy lifting of a Security Operations Center (SOC). Expel is a leader in the <strong>Managed Detection and Response (MDR)<\/strong> space, known for its transparent, &#8220;technology-agnostic&#8221; platform called <strong>Workbench&#x2122;<\/strong>. In this role, you aren&#8217;t just reacting to alerts; you are the architect building the systems that enrich, triage, and potentially resolve those alerts before a human even touches them.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Primary Platform:<\/strong> <strong>Expel Workbench&#x2122;<\/strong><\/li>\n\n\n\n<li><strong>Location:<\/strong> 100% Remote<\/li>\n\n\n\n<li><strong>Core Languages:<\/strong> Python and Go<\/li>\n\n\n\n<li><strong>Target Experience:<\/strong> 1+ years with detection tools and 3+ years in IT\/SecOps preferred<\/li>\n\n\n\n<li><strong>Tech Integrations:<\/strong> EDR (CrowdStrike, SentinelOne), SIEM (Splunk, Sumo Logic), and Cloud (AWS CloudTrail, GCP, Azure).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Key Responsibilities: Automating the &#8220;Super Hero&#8221; Analyst<\/h2>\n\n\n\n<p>Expel\u2019s philosophy is that scaling a SOC shouldn&#8217;t require more people; it should require better automation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Detection Strategy &amp; Rule Engineering<\/h3>\n\n\n\n<p>You will create and tune detections for Expel\u2019s proprietary rule engine. This involves analyzing diverse datasets such as <strong>Windows Event Logs, CloudTrail, and auditd<\/strong> to identify attacker tactics, and translating the latest threat research into automated detections that must hold up across the many combinations of tools and configurations found in customer environments.<\/p>\n\n\n\n
<h3 class=\"wp-block-heading\">Workflow Automation with Python and Go<\/h3>\n\n\n\n<p>A core part of your day involves writing automation in <strong>Python<\/strong> or <strong>Go<\/strong> using Expel&#8217;s orchestration framework. Your goal is to eliminate manual &#8220;pivoting&#8221; between tools. You will build integrations that automatically enrich alerts with IP reputation, EDR context, and user identity data, so that when an analyst does open an alert, they have the who, what, and where in seconds.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Technology Evaluation &amp; Integration<\/h3>\n\n\n\n<p>Expel integrates with over 125 different security vendors. You will evaluate technology <strong>APIs<\/strong> to design new detection and response solutions. This includes understanding how to harness signals from cloud service providers and integrating them into the <strong>Workbench platform<\/strong> to uncover threats that single-tool silos might miss.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Required Qualifications and Skills<\/h2>\n\n\n\n<p>Expel is looking for an engineer with &#8220;practitioner&#8217;s empathy&#8221;: someone who understands the pain of alert fatigue and knows how to build tools to stop it.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Technical Experience:<\/strong> 1+ years with EDR, NSM (network security monitoring), and SIEM tools. Experience writing and tuning custom detections is mandatory.<\/li>\n\n\n\n<li><strong>Programming:<\/strong> Proficiency in <strong>Python<\/strong> or <strong>Go<\/strong>. You should be comfortable with object-oriented programming to build scalable automation.<\/li>\n\n\n\n<li><strong>Operating Systems:<\/strong> Deep understanding of <strong>Windows, macOS, and Linux<\/strong>, including command-line forensics and log analysis.<\/li>\n\n\n\n<li><strong>Networking &amp; Cloud:<\/strong> Solid grasp of <strong>TCP\/IP<\/strong> and the <strong>OSI model<\/strong>, as well as cloud <strong>IAM (Identity and Access Management)<\/strong> models in AWS, Azure, or GCP.<\/li>\n\n\n\n<li><strong>Soft Skills:<\/strong> A &#8220;culture of experimentation&#8221; mindset and high empathy for the demands of a 24\/7 SOC environment.<\/li>\n<\/ul>\n\n\n\n
<h2 class=\"wp-block-heading\">Why Expel is Unique: Transparency and &#8220;Anti-Burnout&#8221;<\/h2>\n\n\n\n<p>Expel prides itself on being &#8220;100% transparent.&#8221; Customers can see every action taken by an analyst or an automation script in real time. For a Detection &amp; Response Engineer, this means your code is the engine of that transparency. You are helping to drive a <strong>23-minute Mean Time to Respond (MTTR)<\/strong> for critical threats, directly impacting the security posture of some of the world&#8217;s largest brands.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This role at Expel is a specialized engineering position designed to automate the heavy lifting of a Security Operations Center (SOC). Expel is a leader in the Managed Detection and Response (MDR) space, known for its transparent, &#8220;technology-agnostic&#8221; platform called Workbench&#x2122;. 
In this role, you aren&#8217;t just reacting to alerts; you are the architect building [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"menu_order":0,"template":"","jobpost_category":[43],"jobpost_job_type":[39],"jobpost_location":[],"jobpost_tag":[397,1340,4124,3235,4125,1263,3624,24,81,1250,4126],"class_list":["post-908","jobpost","type-jobpost","status-publish","hentry","jobpost_category-it","jobpost_job_type-remote","jobpost_tag-automation","jobpost_tag-cloud-security","jobpost_tag-detection-response-engineer","jobpost_tag-edr","jobpost_tag-expel","jobpost_tag-go","jobpost_tag-mdr","jobpost_tag-python","jobpost_tag-remote","jobpost_tag-siem","jobpost_tag-workbench"],"_links":{"self":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost\/908","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost"}],"about":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/types\/jobpost"}],"author":[{"embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/users\/1"}],"wp:attachment":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/media?parent=908"}],"wp:term":[{"taxonomy":"jobpost_category","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_category?post=908"},{"taxonomy":"jobpost_job_type","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_job_type?post=908"},{"taxonomy":"jobpost_location","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_location?post=908"},{"taxonomy":"jobpost_tag","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_tag?post=908"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
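The detection-rule and alert-enrichment work the posting describes, shown as an added example in Python (this is not Expel's code and not Workbench's rule language): three constructed log records (an AWS CloudTrail ConsoleLogin, a Linux auditd SYSCALL line and a Windows Security 4624 logon) are normalized into one event schema, a small rule set is evaluated over them, and each resulting alert is enriched with IP reputation, user identity and EDR context. The sample events, rule names, hostnames and lookup tables are all constructed for illustration; in a real integration the three dictionaries would be replaced by calls to the reputation, directory and EDR vendor APIs.

```python
"""Miniature detection + enrichment pipeline (added example, not Expel's code).
Normalizes constructed CloudTrail, auditd and Windows records into one schema,
runs a rule set over them, and enriches each hit from constructed lookup tables."""
import ipaddress
import json
import re

# --- constructed sample records (not real telemetry) -----------------------
CLOUDTRAIL_RECORD = json.dumps({
    "eventTime": "2025-12-24T08:41:02Z", "eventName": "ConsoleLogin",
    "userIdentity": {"type": "IAMUser", "userName": "jdoe"},
    "sourceIPAddress": "203.0.113.7",
    "additionalEventData": {"MFAUsed": "No"},
    "responseElements": {"ConsoleLogin": "Success"},
})
AUDITD_LINE = (
    'type=SYSCALL msg=audit(1766565662.101:4471): arch=c000003e syscall=59 '
    'success=yes exit=0 ppid=2210 pid=2311 auid=1001 uid=1001 tty=pts0 '
    'comm="ncat" exe="/usr/bin/ncat" key="exec"'
)
WINDOWS_4624 = {"EventID": 4624, "TimeCreated": "2025-12-24T08:43:10Z",
                "Computer": "WS-042", "LogonType": 10,
                "TargetUserName": "asmith", "IpAddress": "198.51.100.23"}
# Same logon type, but from an internal address: must not alert.
BENIGN_4624 = dict(WINDOWS_4624, IpAddress="10.0.5.9", TargetUserName="bnguyen")

# --- normalization: one schema regardless of source ------------------------
def normalize_cloudtrail(raw_json):
    rec = json.loads(raw_json)
    return {"source": "cloudtrail", "time": rec["eventTime"], "action": rec["eventName"],
            "user": rec.get("userIdentity", {}).get("userName"),
            "src_ip": rec.get("sourceIPAddress"), "host": None,
            "mfa_used": rec.get("additionalEventData", {}).get("MFAUsed"),
            "outcome": rec.get("responseElements", {}).get("ConsoleLogin")}

AUDIT_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def normalize_auditd(line, host="lnx-build-03"):
    fields = {k: v.strip('"') for k, v in AUDIT_KV.findall(line)}
    return {"source": "auditd", "time": fields.get("msg", "").rstrip(":"),
            "action": f"syscall {fields.get('syscall')}", "user": fields.get("auid"),
            "src_ip": None, "host": host,
            "comm": fields.get("comm"), "exe": fields.get("exe")}

def normalize_windows(evt):
    return {"source": "windows", "time": evt.get("TimeCreated"),
            "action": f"EventID {evt['EventID']}", "user": evt.get("TargetUserName"),
            "src_ip": evt.get("IpAddress"), "host": evt.get("Computer"),
            "logon_type": evt.get("LogonType")}

# --- detection rules --------------------------------------------------------
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_external(ip):
    """True for any parsable address outside the RFC 1918 and loopback ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)

SUSPICIOUS_BINARIES = {"nc", "ncat", "socat"}

RULES = [  # (rule name, predicate over a normalized event)
    ("aws_console_login_without_mfa", lambda e: e["source"] == "cloudtrail"
        and e["action"] == "ConsoleLogin" and e.get("outcome") == "Success"
        and e.get("mfa_used") == "No"),
    ("linux_netcat_execution", lambda e: e["source"] == "auditd"
        and e.get("comm") in SUSPICIOUS_BINARIES),
    ("windows_rdp_logon_from_external_ip", lambda e: e["source"] == "windows"
        and e.get("logon_type") == 10 and is_external(e.get("src_ip") or "")),
]

# --- enrichment from constructed lookup tables (stand-ins for vendor APIs) --
IP_REPUTATION = {"203.0.113.7": {"verdict": "tor_exit", "score": 85},
                 "198.51.100.23": {"verdict": "unknown", "score": 10}}
IDENTITY = {"jdoe": {"title": "Finance Analyst", "manager": "mlee"},
            "asmith": {"title": "Site Reliability Engineer", "manager": "kpatel"}}
EDR_CONTEXT = {"WS-042": {"sensor": "online", "recent_detections": 0},
               "lnx-build-03": {"sensor": "online", "recent_detections": 2}}

def enrich(alert):
    ev = alert["event"]
    alert["ip_reputation"] = IP_REPUTATION.get(ev.get("src_ip"), {"verdict": "no_data"})
    alert["identity"] = IDENTITY.get(ev.get("user"), {"title": "unknown"})
    alert["edr"] = EDR_CONTEXT.get(ev.get("host"), {"sensor": "no_sensor"})
    return alert

def run_detections(events):
    """Evaluate every rule against every normalized event; enrich each hit."""
    return [enrich({"rule": name, "event": ev})
            for ev in events for name, predicate in RULES if predicate(ev)]

def demo():
    events = [normalize_cloudtrail(CLOUDTRAIL_RECORD), normalize_auditd(AUDITD_LINE),
              normalize_windows(WINDOWS_4624), normalize_windows(BENIGN_4624)]
    return run_detections(events)

if __name__ == "__main__":
    for alert in demo():
        print(json.dumps(alert, indent=2))
```

Running it yields three enriched alerts and none for the benign RDP logon from 10.0.5.9. The external-address check deliberately uses an explicit internal-range list rather than `ipaddress.is_global`, which classifies the documentation ranges used in these samples (198.51.100.0/24, 203.0.113.0/24) as non-global and would silently suppress the RDP hit; a rule that keys on "external" needs to state what it means by that.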