Senior Detection & Response Engineer

Greystar Worldwide, LLC$100K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 6+ years in security operations, detection engineering, incident response, or a combined security engineering role
  • Ability to build detections and understand underlying logic instead of just operating a tool
  • Hands-on digital forensics experience across endpoint and cloud
  • Proficiency in scripting and automation (Python, PowerShell, KQL, etc.)
  • Working knowledge of attacker tradecraft and TTPs
  • Experience with API integrations in security and identity platforms
  • Proficiency with EDR platforms
  • Strong understanding of hybrid identity environments

Responsibilities

  • Design, build, test, and tune detection rules in SIEM and security tooling
  • Develop scripts and automation for detection engineering and incident response
  • Lead end-to-end incident response investigations
  • Conduct forensic analysis on hosts and cloud environments
  • Participate in on-call rotation and perform incident analysis
  • Analyze log sources from Microsoft 365 and Entra ID
  • Investigate EDR detections and recommend containment actions
  • Create and maintain automated response playbooks

Benefits

  • Competitive Medical, Dental, Vision, and Disability & Life insurance
  • Generous Paid Time off including vacation, personal days, sick days, and holidays
  • Onsite housing discounts at Greystar-managed communities
  • 6-Week Paid Sabbatical after 10 years of service
  • 401(k) with Company Match up to 6% after 6 months
  • Paid Parental Leave and lifetime Fertility Benefit reimbursement
  • Employee Assistance Program
  • Various critical illness and insurance plans
Full Job Description
JOB DESCRIPTION SUMMARY
Greystar is seeking a Senior Detection & Response Engineer to join our Cybersecurity Operations team. This is a hybrid engineering and operations role for someone who can build detections, write code and automation, run full incident response investigations, and apply solid security engineering fundamentals across our environment. You will own the full loop: engineer the detection, respond to what it catches, and feed those lessons back into stronger coverage. This role spans EDR, IAM, SIEM, Data governance and works closely with our SOC.

JOB DESCRIPTION

Responsibilities

  • Design, build, test, and tune detection rules across our SIEM and security tooling, targeting real attack techniques observed in our environment


  • Build scripts, automation, and API integrations (using code and AI tooling) to accelerate detection engineering, investigation, and response workflows


  • Lead incident response investigations end to end, from triage through containment, eradication, and closure


  • Perform host and cloud forensic analysis, including disk, memory, and log artifact examination to reconstruct attacker activity and establish incident timelines


  • Participate in an on-call rotation and perform hands-on alert and incident analysis


  • Analyze Microsoft 365 and Entra ID log sources including interactive sign-ins, non-interactive sign-ins, audit logs, and the unified audit log


  • Investigate EDR detections, perform process tree analysis, and recommend containment actions


  • Triage and investigate escalations from the SOC


  • Develop and maintain automated response playbooks


  • Conduct root cause analysis and determine initial access, persistence, and exfiltration methods during investigations


  • Apply security engineering fundamentals to improve identity security, conditional access, and endpoint posture


  • Produce clear, executive-ready incident briefings, IOC documentation, and technical writeups


  • Identify and tune false positive patterns to improve detection fidelity


Required Qualifications

  • 6+ years in security operations, detection engineering, incident response, or a combined security engineering role


  • Demonstrated ability to build detections and understand the underlying logic, not just operate a tool


  • Hands-on digital forensics experience across endpoint and cloud, including artifact collection, timeline reconstruction, and evidence handling


  • Proficiency scripting and building automation (Python, PowerShell, KQL, or similar), including the effective use of AI tooling to accelerate development


  • Working knowledge of attacker tradecraft and the ability to attribute activity based on TTPs


  • Experience building or consuming API integrations across security and identity platforms


  • Proficiency with EDR platforms


  • Working knowledge of SIEM platforms and detection rule development


  • Strong understanding of hybrid identity environments, including AD Connect sync behavior and Entra ID


  • Experience investigating modern attack techniques including AiTM phishing, OAuth consent abuse, BEC, token replay, and living-off-the-land techniques


  • Solid security engineering fundamentals across identity, endpoint, and cloud


  • Willingness to participate in an on-call rotation and perform hands-on incident response


  • Strong written communication and documentation discipline


Preferred Qualifications

  • Demonstrated use of AI tools (such as Claude, Copilot, or similar) to accelerate detection engineering, investigation workflows, scripting, and documentation


  • Experience prompting and directing AI models to produce useful outputs in a security context, including log analysis, detection logic drafting, and incident timeline construction


  • Familiarity with Microsoft Sentinel, including analytic rule development using KQL and automation via Logic Apps or Playbooks


  • Familiarity with Microsoft Entra ID, Purview and Defender Suite


  • Hands-on experience with CrowdStrike Falcon, including alert triage, process tree analysis, and prevention policy management


  • Experience with identity security tooling such as Saviynt, Entra ID Protection, or similar IGA and privileged access platforms


  • Prior experience in a large enterprise or managed security environment (5,000+ endpoints or 10,000+ users)


  • Relevant certifications such as GCIA, GCIH, GCFE, GCFA, SC-200, AZ-500, or equivalent


What You'll Work On

This is a hands-on role with real ownership. You will build the detections that protect Greystar, respond to the incidents they surface, and continuously improve coverage based on what you learn in the field. You will write the automation that makes the team faster, investigate live compromises, and have direct input into detection strategy, SIEM direction, and identity security architecture. You will work directly with the Senior Manager of Cybersecurity Operations on initiatives including our SIEM migration to Microsoft Sentinel and ongoing detection engineering buildout.

Additional Compensation:

Many factors go into determining employee pay within the posted range including business requirements, prior experience, current skills and geographical location.
  • Corporate Positions: In addition to the base salary, this role may be eligible to participate in a quarterly or annual bonus program based on individual and company performance.
  • Onsite Property Positions: In addition to the base salary, this role may be eligible to participate in weekly, monthly, and/or quarterly bonus programs.


Robust Benefits Offered*:
  • Competitive Medical, Dental, Vision, and Disability & Life insurance benefits. Low (free basic) employee Medical costs for employee-only coverage; costs discounted after 3 and 5 years of service.
  • Generous Paid Time off. All new hires start with 15 days of vacation, 4 personal days, 10 sick days, and 11 paid holidays. Plus your birthday off after 1 year of service! Additional vacation accrued with tenure.
  • For onsite team members, onsite housing discount at Greystar-managed communities are available subject to discount and unit availability.
  • 6-Week Paid Sabbatical after 10 years of service (and every 5 years thereafter).
  • 401(k) with Company Match up to 6% of pay after 6 months of service.
  • Paid Parental Leave and lifetime Fertility Benefit reimbursement up to $10,000 (includes adoption or surrogacy).
  • Employee Assistance Program.
  • Critical Illness, Accident, Hospital Indemnity, Pet Insurance and Legal Plans.
  • Charitable giving program and benefits.


*Benefits offered for full-time employees. For Union and Prevailing Wage roles, compensation and benefits may vary from the listed information above due to Collective Bargaining Agreements and/or local governing authority.

About Greystar Worldwide, LLC

Greystar Worldwide, LLC Careers

Joining Greystar Worldwide, LLC presents an unparalleled opportunity to become part of a leading team of professionals dedicated to pioneering innovations in the global marketplace. Greystar Worldwide, LLC stands as a beacon of career growth and professional development, offering a plethora of job opportunities across various sectors.

Explore Career Opportunities

Greystar Worldwide, LLC invites talented individuals to explore its diverse range of job opportunities. From internships that provide a solid foundation for future leaders to full-time positions that challenge and expand professional skills, Greystar Worldwide, LLC is a hub for career advancement.

Innovation and Leadership

At Greystar Worldwide, LLC, innovation intersects with leadership, driving the company to new heights in industry standards and operational excellence. Employees are encouraged to lead projects that set benchmarks in technology and service, fostering a culture of continuous improvement and creative problem-solving.

Diversity and Inclusion

With a commitment to diversity and inclusion, Greystar Worldwide, LLC ensures that all team members receive diversity training, promoting an environment where everyone’s contributions are valued. This approach not only enhances team dynamics but also contributes to the company’s robust problem-solving capabilities.

Professional Growth and Development

Career growth at Greystar Worldwide, LLC is not just a possibility—it is a priority. The company supports its employees with unmatched training programs, leadership development courses, and opportunities for networking and professional growth. This commitment ensures that every team member can reach their full potential.

Benefits and Culture

Greystar Worldwide, LLC is renowned for its vibrant culture and comprehensive benefits package designed to support the well-being and financial security of every team member. Employment at Greystar Worldwide, LLC means access to health benefits, retirement plans, and wellness programs that together create a supportive and positive workplace.

Join the Greystar Worldwide, LLC Team

Greystar Worldwide, LLC is actively hiring and looking for individuals who are passionate, curious, and driven to excel. Candidates interested in applying are encouraged to submit their resume and prepare for an interview process that values insight, experience, and a readiness to contribute to a dynamic team.

Stay Connected with Greystar Worldwide, LLC Careers

Stay informed about the latest in career opportunities and company news by subscribing to Greystar Worldwide, LLC job alerts and reading the careers blog. Personalize the subscription to receive updates that match specific career interests and skills.

SEARCH GREYSTAR WORLDWIDE, LLC JOBS

READ CAREERS BLOG

Greystar Worldwide, LLC is not just a company—it is a place where careers are made, skills are honed, and professional achievements are recognized and celebrated. Join Greystar Worldwide, LLC to be part of a team that is shaping the future through innovation, leadership, and a commitment to excellence.
Learn more about Greystar Worldwide, LLC

Similar Jobs

More Jobs at Greystar Worldwide, LLC

More Information Technology Jobs

Find similar Senior Detection & Response Engineer jobs: