Senior Security Engineer, Detection & Response

At Docker, we make app development easier so developers can focus on what matters. Our remote-first team spans the globe, united by a passion for innovation and great developer experiences. With over 20 million monthly users and 20 billion image pulls, Docker is the #1 tool for building, sharing, and running apps—trusted by startups and Fortune 100s alike. We’re growing fast and just getting started. Come join us for a whale of a ride!

At Docker, we help developers bring their ideas to life by conquering the complexity of app development. Through an integrated development pipeline and application components, we simplify and accelerate workflows, empowering developers worldwide.

Docker’s Security Team is committed to protecting both our organization and our customers. The Detection and Response Team plays a critical role in identifying, analyzing, and mitigating threats across Docker’s infrastructure. We are now seeking a Senior Detection and Response Engineer with expertise in log pipeline generation to enhance security visibility, threat detection, and response capabilities. This role will lead threat detection, investigation, and automation efforts while working closely with IT, Security & Compliance, and Engineering teams to build high-fidelity security telemetry and enable real-time threat detection, incident response, and forensic analysis.

Responsibilities:

• Detection as Code & Incident Response – Monitor, detect, and respond to cybersecurity threats, lead incident investigations, conduct root cause analysis, and automate threat detection and hunting. Develop detection and response playbooks and participate in on-call rotations.
• Log Pipeline Development & Optimization – Design, implement, and maintain log ingestion, parsing, and normalization pipelines across endpoint, network, cloud, and application logs. Ensure log consistency across EDR, SIEM, SOAR, and threat detection tools.
• Automation & Infrastructure as Code (IaC) – Use Terraform, Kubernetes, and scripting to automate log infrastructure in cloud environments and improve security monitoring efficiency.
• Compliance & Data Retention – Ensure log storage and retention meet regulatory and security requirements, support audit to maintain compliance.
• Cross-Team Collaboration & Security Strategy – Work with Product Security, Infrastructure, DevOps, and IT on various initiatives to mature the Detection Engineering program and strengthen Docker’s overall security posture. Partner with stakeholders to improve threat intelligence, detection, and incident response capabilities.

Qualifications:

• Background in Information Security, Computer Science, Computer Engineering, Forensics, or equivalent work experience.
• 4-5 years of hands-on experience in detection and response, including triage and incident response in enterprise SaaS environments.
• Proven experience in building log ingestion and normalization pipelines across diverse systems.
• Expertise in Detection as Code, particularly using Python and SQL.
• Subject matter expert in endpoint security and/or cloud security.
• Strong working knowledge of Mac, Linux, and Windows operating systems.
• Hands-on experience with major cloud infrastructures, including AWS, Azure, and GCP.
• Experience with Kubernetes is a nice-to-have.
• Demonstrated experience working across multiple teams in collaborative security roles.

What to expect in the first 30 days

• Understand Docker’s infrastructure and identify gaps in the current Detection Engineering program.
• Establish and build collaborative relationships with key security stakeholders.
• Coordinate and support security incident investigations.

What to expect in the first 90 days

• Develop a roadmap for log development and optimization.
• Drive log ingestion and alerting improvements in SIEM and other security tools.
• Refine existing playbooks with a fresh perspective.
• Participate in security on-call rotation.

What to expect in the first year

• Become a key partner within Docker’s cross-functional Security team.
• Own and mature one or more Detection & Response initiatives.
• Help shape Docker’s security roadmap and its interconnection with Engineering.
• Lead educational initiatives to strengthen Docker’s security posture company-wide.

Docker embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our company will be.

Due to the remote nature of this role, we are unable to provide visa sponsorship.

#LI-REMOTE