Senior Security Operations Engineer, Detection & Response

About Us dbt Labs is the pioneer of analytics engineering, helping data teams transform raw data into reliable, actionable insights. Since 2016, we’ve grown from an open source project into the leading analytics engineering platform, now used by over 90,000 teams every week, driving data transformations and AI use cases. As of February 2025, we’ve surpassed $100 million in annual recurring revenue (ARR) and serve more than 5,400 dbt Platform customers, including AstraZeneca, Sky, Nasdaq, Volvo, JetBlue, and SafetyCulture. We’re backed by top-tier investors including Andreessen Horowitz, Sequoia Capital, and Altimeter. At our core, we believe in empowering data practitioners: Reliable, high-quality data is the fuel that propels AI-powered data engineering. AI is changing data work, fast. dbt’s data control plane keeps data engineers ahead of that curve. We empower engineers to deliver reliable, governed data faster, cheaper, and at scale. dbt Labs is now synonymous with analytics engineering, defining the modern data stack and serving as the data control plane for enterprise teams around the world. And we’re just getting started.. We’re growing fast and building a team of passionate, curious people across the globe. Learn more about what makes us special by checking out our values . About the Security Team: The mission of the Security Engineering team at dbt Labs is to provide clear, opinionated security guidance and scalable, secure-by-default offerings to engineers for the purpose of securing software development and enabling pragmatic risk decisions at dbt. Our small team size and wide scope of responsibilities require that we work intelligently to address the security needs of dbt's products. We aim to put yesterday's problems behind us through a mix of OSS/COTS solutions for commodity problems and using ingenuity to solve the rest. As a Senior Security Operations Engineer on the Detection Response team, you will strengthen and maintain the company's security posture throughout the threat detection lifecycle from telemetry collection and continuous monitoring through threat detection, incident response, and security event management. You will serve as a subject matter expert for security operations across the dbt Labs' teams and technology infrastructure, including multi-cloud production environments, identity, endpoints, and SaaS technologies. In this role, you can expect to: Participate in a 24/7 on-call rotation providing coverage for active security incidents, investigations, and security events across our global infrastructure. Lead investigation and remediation of security incidents, coordinating cross-functional response efforts to minimize impact and recovery time. Play a major role in bootstrapping an end to end DR alert and investigation pipeline. Triage and investigate security alerts from detection tools including Wiz Defend, Crowdstrike, and cloud security platforms to identify genuine threats and reduce false positives. Develop and maintain detection rules, runbooks, and response procedures mapped to the company's threat model. Automate alert triage workflows and improve mean time to detection and response through tooling and process enhancements, including leveraging AI enrichment and processing. Collaborate with Infrastructure and Application Security teams to implement secure-by-design principles and remediate identified security issues. Conduct security event analysis to identify policy violations, misconfigurations, and potential attack vectors before they become incidents. Partner with our Enterprise Security Technology team to enhance endpoint security controls and monitoring across endpoints (MacOS laptops some Windows and Linux-based development environments). Design and facilitate tabletop exercises and game days to test detection, response, recovery, and remediation capabilities. Contribute to the maturation of the security incident response program through documentation, tra ... (truncated, view full listing at source)