The Detection & Response Engineer will manage detection engineering, response automation, incident management, and threat hunting in a hybrid Web2/Web3 environment, protecting the DeFi platform from various security threats.
About:
Veda is the DeFi engine powering financial apps enabling platforms to seamlessly create on-chain yield products. Our mission is to unlock DeFi for the world by providing seamless, enterprise-grade integrations for modern finance. Veda's technology powers many of DeFi's largest vault products, including ether fi Liquid, PlasmaUSD Vault, Lombard DeFi Vault, and Mantle cmETH.
At $6B in TVL and 100k+ users, Veda is one of the fastest growing DeFi protocols with a team passionate about DeFi and dedicated to our work. This role will be high impact and have the opportunity to directly shape some of the most critical infrastructure in DeFi.
Role:
You will own the Detection & Response (D&R) function across our hybrid Web2+Web3 environment. From designing high-fidelity detections to orchestrating rapid incident containment, both on-chain and off, you will be at the forefront of protecting a fast-moving DeFi platform.
Core Functions:
- Detection Engineering
- Design, build, and continuously tune detection pipelines for cloud, container, and blockchain telemetry (AWS/GCP logs, K8s events, on-chain data streams)
- Maintain real-time monitoring using SIEM/XDR solutions.
- Integrate blockchain-specific monitoring tools (e.g. Hypernative, Hexagate, etc.) with cloud-native telemetry.
- Response Automation
- Build SOAR workflows and automated containment playbooks
- Implement on-chain transaction guardrails and automated policy enforcement for suspicious smart-contract activity
- Incident Management
- Lead incident lifecycle end-to-end: triage, scope, containment, eradication, recovery, and post-mortems
- Conduct blockchain forensics, smart contract incident analysis, and web2 investigations
- Threat Hunting & Purple Teaming
- Proactively identify emerging TTPs by mining multi-source telemetry
- Partner with other engineers to simulate attack scenarios, including DeFi-specific threats (MEV exploitation, oracle manipulation, re-entrancy, governance takeovers).
- Security Architecture & Collaboration
- Partner with DevOps, Backend, and Smart Contract teams to integrate detection logic into pipelines
- Conduct security design reviews for new features, focusing on both application logic and blockchain protocol risks
- Influence secure-by-default engineering practices across Web2 and Web3 stacks
Qualifications:
- 5+ yrs combined experience in Security Operations, Incident Response, or SRE with a strong DevSecOps mindset.
- Strong understanding of cloud-native (AWS/GCP/Azure) and containerized infrastructure (K8s, ECS, etc.) including workload security.
- Proven experience managing modern detection stacks (Elastic, Splunk, Panther, Chronicle, or equivalents) and iac-driven deployments.
- Hands-on with container & K8s security: admission controller policies, runtime hardening, image scanning, network policies.
- Hands-on Kubernetes and container security (OPA Gatekeeper/Kyverno, Falco, runtime hardening, network segmentation, image scanning, etc.).
- Technical Skills
- Proficient in at least one production-grade programming language (Python, Go, Rust) with a track record of automated security tooling.
- SOAR platform integration experience with demonstrated ability to transform log data into automated containment actions.
- Familiarity with blockchain-specific security monitoring tools and workflows.
- Web3/DeFi Knowledge
- Understanding of DeFi-specific attack vectors such as flash-loan exploits, cross-chain bridge attacks, MEV, governance exploits, and protocol-level vulnerabilities.
- Working knowledge of Solidity, smart-contract testing frameworks (e.g., Foundry, Hardhat), and secure development patterns.
- Security Methodology
- Familiarity with MITRE ATT&CK (Enterprise + DeFi mappings), threat modeling methodologies, and purple-team collaboration frameworks.
- Experience implementing zero-trust architectures, modern identity & access management, and secrets management best practices.
Nice-to-Have:
- Experience in digital asset custody security, wallet infrastructure, and multi-sig/threshold signature systems.
- Experience with anomaly detection/ML-based detection systems in a security context.
Benefits at Veda
We’re a small, tight-knit team building the infrastructure that powers a new generation of financial products on-chain, composable, and accessible to anyone. We believe the full potential of DeFi is still ahead of us, and we’re here to help unlock it.
We also believe that great work comes from people who feel trusted, supported, and aligned with the mission. Here’s how we try to make that happen:
Health Coverage
We offer medical, dental, and vision coverage for employees. For international contractors, we work closely to ensure access to appropriate local or global health coverage.
Flexible Time Off
We don’t track vacation days. Take the time you need to rest and recharge—we trust you to manage your schedule.
Remote-First by Design
Our team spans time zones and geographies. We work async, with a focus on autonomy over micromanagement.
Parental Leave
Paid leave is available for new parents, whether you’re the primary or secondary caregiver.
Learning & Development
We offer stipends to support ongoing learning - whether it’s a course, a conference, or something else that helps you grow.
Top Skills
AWS
Azure
Elastic
GCP
Go
Kubernetes
Python
Rust
Solidity
Splunk
Similar Jobs
Artificial Intelligence • Machine Learning • Software • Defense
As a Security Engineer focusing on Detection & Response, you will manage security operations, engineering detections, and incident response while collaborating with IT and security teams.
Top Skills:
AWSCrowdstrike Falcon EdrCrowdstrike Query LanguageMicrosoft 365Nextgen SiemPython
Artificial Intelligence • Fintech • Machine Learning • Natural Language Processing • Business Intelligence
Responsible for enhancing detection engineering, response automation, and threat hunting capabilities. Collaborate on detection rules, automated incident responses, and lead threat hunting initiatives.
Top Skills:
AWSEdrGCPJupyter NotebooksOsqueryPythonSIEMSigmaSoarVelociraptorYara-L
Mobile • Social Media
Lead threat detection and incident response, optimize security tools, handle security incidents, oversee vSOC, and manage security awareness initiatives.
Top Skills:
AWSAzureCnappEdrGCPGoKubernetesNdrOpenshiftPythonSIEM
What you need to know about the San Francisco Tech Scene
San Francisco and the surrounding Bay Area attracts more startup funding than any other region in the world. Home to Stanford University and UC Berkeley, leading VC firms and several of the world’s most valuable companies, the Bay Area is the place to go for anyone looking to make it big in the tech industry. That said, San Francisco has a lot to offer beyond technology thanks to a thriving art and music scene, excellent food and a short drive to several of the country’s most beautiful recreational areas.
Key Facts About San Francisco Tech
- Number of Tech Workers: 365,500; 13.9% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Google, Apple, Salesforce, Meta
- Key Industries: Artificial intelligence, cloud computing, fintech, consumer technology, software
- Funding Landscape: $50.5 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Sequoia Capital, Andreessen Horowitz, Bessemer Venture Partners, Greylock Partners, Khosla Ventures, Kleiner Perkins
- Research Centers and Universities: Stanford University; University of California, Berkeley; University of San Francisco; Santa Clara University; Ames Research Center; Center for AI Safety; California Institute for Regenerative Medicine
