Airtable's mission is to empower anyone to create software. As such, establishing Airtable as a trusted and secure brand for our customers is essential to our success. We're building a world-class security team, seeking the brightest minds to innovate and create real solutions that solve the challenges facing the internet community. To accomplish this, our team will be performing research, serving as subject matter experts, and presenting our work at conferences.
We're looking for a Lead Detection and Response Engineer to own the Cybersecurity Monitoring, Alerting, and Response program at Airtable. You'll be charged with building out our Security Operations Center (SOC). You'll collaborate with cross-functional teams to create innovative detection strategies and develop a best in class threat detection and response program.
What you’d do

• Lead and develop our security detection and incident response capabilities and program
• Design, implement, monitor and continuously improve security infrastructure, systems, and processes
• Help define the strategy for security operations and incident management
• Scale security operations and incident response capabilities to meet the needs of our growing business
• Ensure ongoing visibility over critical controls and systems, plan for and respond to events

Who you are

• 5+ years of experience in the Information Security field, including operational security monitoring experience
• Highly experienced in building out a Security Operations Center (SOC), either on your own or as a senior contributor with capability to move into a role where you will lead this effort
• Proficient monitoring devices such as network and host-based intrusion detection systems, web application firewalls, database security monitoring systems, firewalls/routers/switches, proxy servers, antivirus systems, file integrity monitoring tools, and operating system logs
• Proven experience in the successful delivery of large, complex, high volume logging pipelines using modern scalable architectures and technologies such as ELK or Splunk
• Experience with AWS
• Scripting skills (i.e. Python/Perl, shell scripting)
• Ability to write custom intrusion detection system rules
• Experience configuring security incident and event management tools (such as Splunk, ArcSight, Symantec SIM, LogLogic, SumoLogic), including creating event filtering and correlation rules and reports
• Bonus points: Relevant information security certifications, such as SANS GCIA, SANS GCIH, SANS GFCA

What we offer

• Health care: we have you 100% covered (and your dependents 50% covered) with competitive medical, dental, and vision insurance. You'll also be eligible for a complimentary membership to One Medical Group
• Learning & Development: we offer a $2,000 per year stipend for your personal career development
• Gym Membership: we’re proud to provide employees in our San Francisco and New York offices with complimentary gym memberships to Equinox, or up to $100/month reimbursement towards any other gym
• Catered lunches: we have high-quality catered lunches every day and well-stocked kitchens. We'll also reimburse you for any reasonable food expenses incurred while working
• Generous PTO, sick leave, and parental leave

About Airtable

Airtable's mission is to democratize software creation. We believe that software stands to be the single most impactful way anyone can bring their ideas to life, yet that few people can actually access it as a creative medium. Airtable enables everyone to experience the power of creating, not just using, software. Headquartered in San Francisco, Airtable has raised $170M in venture funding to date, most recently a 100M Series C from Benchmark, Thrive, and Coatue.