Senior Detection Engineer

We're transforming the grocery industryAt Instacart, we invite the world to share love through food because we believe everyone should have access to the food they love and more time to enjoy it together. Where others see a simple need for grocery delivery, we see exciting complexity and endless opportunity to serve the varied needs of our community. We work to deliver an essential service that customers rely on to get their groceries and household goods, while also offering safe and flexible earnings opportunities to Instacart Personal Shoppers.Instacart has become a lifeline for millions of people, and we’re building the team to help push our shopping cart forward. If you’re ready to do the best work of your life, come join our table.Instacart is a Flex First team There’s no one-size fits all approach to how we do our best work. Our employees have the flexibility to choose where they do their best work—whether it’s from home, an office, or your favorite coffee shop—while staying connected and building community through regular in-person events. Learn more about our flexible approach to where we work.OverviewInstacarts Detection Engineering team sits at the core of our Security organization, building and operating the systems that identify, surface, and respond to threats across one of North America's largest grocery technology platforms. We own the full detection lifecycle — from telemetry collection and signal design to automated response — across a complex, cloud-native environment spanning endpoint, cloud, container, and SaaS.As a Senior Detection Engineer, you'll be a technical anchor on the team: developing high-fidelity detection logic, hunting for novel attacker techniques, and raising the bar for how we think about coverage, quality, and scale. You'll work closely with Engineering, Red Team, Incident Response, Fraud, and Trust & Safety to ensure our detections reflect real-world adversary behavior — not just signatures.We operate with a detection-as-code mindset: everything we build is versioned, tested, and deployed through repeatable pipelines. We care deeply about reducing noise, improving analyst efficiency through automation and SOAR, and continuously evolving our coverage as the threat landscape shifts.If you're energized by hard forensic problems, enjoy translating attacker TTPs into durable detection logic, and want to help shape the future of a growing security function, this role is for you.About the JobDevelop, tune, document, and maintain detection logic across multiple log sources including endpoint, cloud, container, and SaaS products.Assist in cyber forensic investigations across a variety of log sourcesOptimize log ingestion pipelines and telemetry collection to ensure high-quality, actionable security data while managing volume and costDesign and build SOAR playbooks and automation workflows to streamline detection triage, enrichment, and response actionsMentor junior security analysts and detection engineers on threat hunting methodologies, detection logic development, and investigation techniquesAbout YouMinimum Qualifications5+ years of experience in a detection engineering, incident response, or offensive security role.Experience with 1 or more public cloud platforms (AWS, Azure, GCP)Deep understanding of attacker TTPs across modern zero trust environments, including identity compromise, token theft, and abuse of trust boundariesProficient understanding of macOS internals and telemetry available to identify macOS specific threatsExperience implementing detection-as-code workflows including version control, peer review processes, automated testing, and CI/CD deployment pipelinesBasic proficiency with Python, Golang, or other programming languagesRelevant certifications: GCFA, GCFE, GNFA, GREM, OSCP, GCIA, or similarPreferred QualificationsBackground in offensive security or red teamingKnowledge of machine learning for threat detectionInstacart provides highly market-competitive compensation and benefits in each location where our employees work. This role is remote and the base pay range for a successful candidate is dependent on their permanent work location. Please review our Flex First remote work policy here.Offers may vary based on many factors, such as candidate experience and skills required for the role. Additionally, this role is eligible for a new hire equity grant as well as annual refresh grants. Please read more about our benefits offerings here. For US based candidates, the base pay ranges for a successful candidate are listed below.CA, NY, CT, NJ$230,000—$242,500 USDWA$220,000—$232,000 USDOR, DE, ME, MA, MD, NH, RI, VT, DC, PA, VA, CO, TX, IL, HI$211,000—$222,500 USDAll other states$192,000—$202,500 USDOriginally posted on Himalayas

We're transforming the grocery industryAt Instacart, we invite the world to share love through food because we believe everyone should have access to the food they love and more time to enjoy it together. Where others see a simple need for grocery delivery, we see exciting complexity and endless opportunity to serve the varied needs of our community. We work to deliver an essential service that customers rely on to get their groceries and household goods, while also offering safe and flexible earnings opportunities to Instacart Personal Shoppers.Instacart has become a lifeline for millions of people, and we’re building the team to help push our shopping cart forward. If you’re ready to do the best work of your life, come join our table.Instacart is a Flex First team There’s no one-size fits all approach to how we do our best work. Our employees have the flexibility to choose where they do their best work—whether it’s from home, an office, or your favorite coffee shop—while staying connected and building community through regular in-person events. Learn more about our flexible approach to where we work.OverviewInstacarts Detection Engineering team sits at the core of our Security organization, building and operating the systems that identify, surface, and respond to threats across one of North America's largest grocery technology platforms. We own the full detection lifecycle — from telemetry collection and signal design to automated response — across a complex, cloud-native environment spanning endpoint, cloud, container, and SaaS.As a Senior Detection Engineer, you'll be a technical anchor on the team: developing high-fidelity detection logic, hunting for novel attacker techniques, and raising the bar for how we think about coverage, quality, and scale. You'll work closely with Engineering, Red Team, Incident Response, Fraud, and Trust & Safety to ensure our detections reflect real-world adversary behavior — not just signatures.We operate with a detection-as-code mindset: everything we build is versioned, tested, and deployed through repeatable pipelines. We care deeply about reducing noise, improving analyst efficiency through automation and SOAR, and continuously evolving our coverage as the threat landscape shifts.If you're energized by hard forensic problems, enjoy translating attacker TTPs into durable detection logic, and want to help shape the future of a growing security function, this role is for you.About the JobDevelop, tune, document, and maintain detection logic across multiple log sources including endpoint, cloud, container, and SaaS products.Assist in cyber forensic investigations across a variety of log sourcesOptimize log ingestion pipelines and telemetry collection to ensure high-quality, actionable security data while managing volume and costDesign and build SOAR playbooks and automation workflows to streamline detection triage, enrichment, and response actionsMentor junior security analysts and detection engineers on threat hunting methodologies, detection logic development, and investigation techniquesAbout YouMinimum Qualifications5+ years of experience in a detection engineering, incident response, or offensive security role.Experience with 1 or more public cloud platforms (AWS, Azure, GCP)Deep understanding of attacker TTPs across modern zero trust environments, including identity compromise, token theft, and abuse of trust boundariesProficient understanding of macOS internals and telemetry available to identify macOS specific threatsExperience implementing detection-as-code workflows including version control, peer review processes, automated testing, and CI/CD deployment pipelinesBasic proficiency with Python, Golang, or other programming languagesRelevant certifications: GCFA, GCFE, GNFA, GREM, OSCP, GCIA, or similarPreferred QualificationsBackground in offensive security or red teamingKnowledge of machine learning for threat detectionInstacart provides highly market-competitive compensation and benefits in each location where our employees work. This role is remote and the base pay range for a successful candidate is dependent on their permanent work location. Please review our Flex First remote work policy here.Offers may vary based on many factors, such as candidate experience and skills required for the role. Additionally, this role is eligible for a new hire equity grant as well as annual refresh grants. Please read more about our benefits offerings here. For US based candidates, the base pay ranges for a successful candidate are listed below.CA, NY, CT, NJ$230,000—$242,500 USDWA$220,000—$232,000 USDOR, DE, ME, MA, MD, NH, RI, VT, DC, PA, VA, CO, TX, IL, HI$211,000—$222,500 USDAll other states$192,000—$202,500 USDOriginally posted on Himalayas