Member of Technical Staff, SecOps & Threat Detection Engineer
Envoy · San Francisco, CA (OnSite)
On-site$265–310kNew
staff
threat detection
Apply on Envoy →
Envoy protects the places the world relies on most by unifying people, spaces, and communications in one secure, integrated workplace management platform and ecosystem. More than 16,000 workplaces around the world trust Envoy to run secure, compliant, and connected operations across every location.
From manufacturing sites and data centers to life sciences labs, healthcare facilities, and corporate headquarters, Envoy unifies visitor management, risk assessment, mailroom management, digital signage software, resource booking, and emergency management into one integrated platform.
With deep integrations across access control, identity, compliance screening, and collaboration tools—including LenelS2, Brivo, Genetec, Honeywell, Cisco Meraki, Okta, Microsoft Azure, Microsoft Teams, Slack, ServiceNow, DocuSign, Avigilon Alta, and Descartes Visual Compliance—Envoy helps organizations reduce risk, stay audit-ready, and operate with clarity at scale.
Learn more at envoy.com
This is an L5 opportunity. Successful candidates typically come from staff or principal-level roles and are recognized for establishing technical direction, leading large-scale initiatives, and shaping engineering strategy across organizations.
About the role
We are building a proactive, engineering-led security function focused on threat detection, visibility, and automation.
We are looking for a Staff Security Engineer to own and evolve our Security Operations and Threat Detection capabilities. This role is responsible for defining how we detect, monitor, and respond to threats across our infrastructure, applications, and endpoints.
Today, much of our security posture is reactive. This role will lead the shift toward a system where detection is reliable, measurable, and engineered, not improvised.
You will work across Infrastructure, Platform, and Workplace teams to ensure we have full visibility into our environment and can confidently answer: “If we had a security incident, how quickly would we know?”
This on-site position requires 4 days a week (Monday through Thursday) in our San Francisco HQ office.
You will
Own the design and evolution of our threat detection and security operations capability
Define detection strategy across cloud infrastructure, applications, and endpoints
Establish and improve our SIEM and monitoring architecture, including signal quality, coverage, and scalability
Design and implement detection-as-code practices, setting standards for how detection logic is built, tested, and maintained
Drive visibility across all critical assets, ensuring endpoints, services, and identities are consistently monitored
Take ownership of endpoint security monitoring (e.g., SentinelOne), including integration into centralized detection workflows
Lead the design and rollout of automated security controls, including secrets rotation for high-risk systems
Define alerting strategy, including severity models, escalation paths, and on-call expectations
Lead investigations into complex or ambiguous security signals, setting the standard for root cause analysis and response
Partner with engineering teams to improve instrumentation and ensure systems emit high-quality security signals
Define and track key metrics such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), and drive measurable improvements
Mentor and guide other engineers, raising the overall capability of the team in detection and security operations
You have
6+ years of experience in Security Engineering, SRE, or Infrastructure Engineering with a strong security focus
Proven experience designing or significantly improving security monitoring, detection, or SIEM systems
Strong understanding of cloud environments (ideally AWS), including IAM, networking, and logging at scale
Experience working with endpoint detection and response tools such as SentinelOne or similar
Deep experience working with logs, events, and telemetry to build meaningful, high-signal detections
Strong programming or scripting skills (Python, Go, or similar), with a focus on automation and system design
A strong understanding of attacker behavior and the ability to translate threats into detection strategies
Experience defining alerting models and reducing noise while maintaining strong coverage
Ability to operate in ambiguous environments and define structure where none exists
Strong cross-functional communication skills, with the ability to influence engineering and leadership
A pragmatic, outcome-oriented mindset focused on reducing real risk and improving operational effectiveness
By applying for this position, you acknowledge that you have fully read and understand the job requirements and received the Envoy Privacy Notice for applicants, which is linked here . Completing this application requires you to provide personal data, such as your name and contact information, which is mandatory for Envoy to process your application. Envoy is an EEO Employer and does not discriminate on the basis of any characteristic protected by local, state or federal law.
Posted 2026-07-08