Security Response Engineer, Detection Engineering

About Chainlink
Chainlink is the industry-standard oracle platform bringing the capital markets onchain and powering the majority of decentralized finance (DeFi). The Chainlink stack provides the essential data, interoperability, compliance, and privacy standards needed to power advanced blockchain use cases for institutional tokenized assets, lending, payments, stablecoins, and more. Since inventing decentralized oracle networks, Chainlink has enabled tens of trillions in transaction value and now secures the vast majority of DeFi.

Many of the world’s largest financial services institutions have also adopted Chainlink’s standards and infrastructure, including Swift, Euroclear, Mastercard, Fidelity International, UBS, S&P Dow Jones Indices, FTSE Russell, WisdomTree, ANZ, and top protocols such as Aave, Lido, GMX and many others. Chainlink leverages a novel fee model where offchain and onchain revenue from enterprise adoption is converted to LINK tokens and stored in a strategic Chainlink Reserve. Learn more at chain.link.

About The Role

As a Security Response Engineer, you’ll lead our detection engineering efforts and the infrastructure that powers it, while contributing to Threat Management’s shared operational duties (preventing, detecting, and mitigating security incidents; building and triaging detections). You should have familiarity with a variety of detection engineering related projects. You would be working on designing logging and alerting pipelines to collect/filter/enrich logs in a scalable manner, building and deploying security-related tooling to gather new types of telemetry, setting standards for infrastructure use across the team, and collaborating with Eng/Infra teams to improve visibility and achieve shared security-related goals.

Your Impact

• Own detection engineering as a product: set the roadmap and drive measurable outcomes

• Build and run telemetry pipelines

• Establish team-wide standards: lead the standardization of internal security tooling, infrastructure deployment strategy, and access methods

• Proactively identify and implement areas of improvement and modernization

• Shape our EDR/SIEM strategy: act as a key stakeholder in evaluations, migrations, and architecture decisions

• Join the team's on-call rotation to assist in writing, tuning, and triaging detections, as well as coordinating the response to security incidents

Requirements

• Experience leading detection engineering efforts (logging pipelines, enrichment/automation, quality monitoring): owned the roadmap and delivered measurable outcomes.

• Hands‑on experience managing and deploying security infrastructure and tooling (IaC, containerization, remote access).

• Track record of authoring and tuning detections across endpoint, cloud, identity, and/or network telemetry.

• Operational rigor: served in a security on‑call rotation and acted as incident coordinator for high‑severity events with multiple external stakeholders

• Led a cross-functional initiative to ship a security-related capability.

• Previous coding experience (Python, Go, Rust, or similar).

Preferred Requirements

• Prior success in remote-first environments.

• Experience with detections‑as‑code (Sigma) development and workflows.

• Domain experience with blockchain/Web3 threats.

• Open-source contributions to security related projects.

All roles with Chainlink Labs are global and remote-based. Unless otherwise stated, we ask that you try to overlap some working hours with Eastern Standard Time (EST).

We carefully review all applications and aim to provide a response to every candidate within two weeks after the job posting closes. The closing date is listed on the job advert, so we encourage you to take the time to thoughtfully prepare your application. We want to fully consider your experience and skills, and you will hear from us regarding the status of your application shortly after the closing date.

Commitment to Equal Opportunity

Chainlink Labs is an equal opportunity employer. All qualified applicants will receive equal consideration for employment in compliance with applicable laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us via this form.

Global Data Privacy Notice for Job Candidates and Applicants

Information collected and processed as part of your Chainlink Labs Careers profile, and any job applications you choose to submit is subject to our Privacy Policy. By submitting your application, you are agreeing to our use and processing of your data as required.