Security Detection Engineer

At WHOOP, we’re on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives. WHOOP is seeking a Security Detection Engineer to serve as a key technical contributor within our Information Security team, reporting to the Information Security Manager. In this role, you will drive the design and evolution of high-fidelity, scalable detection capabilities that protect millions of members’ biometric and health data. You will help define our detection engineering strategy across cloud, identity, endpoint, and application environments, ensuring depth of coverage, signal precision, and resilience against modern attacker tradecraft. This is an opportunity to shape a growing detection program within a rapidly evolving Information Security team. Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply. WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values. At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company’s long-term growth and success. The U.S. base salary range for this full-time position is $130,000 - $170,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training. In addition to the base salary, the successful candidate will also receive benefits and a generous equity package. These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate’s specific qualifications, expertise, and alignment with the role’s requirements. RESPONSIBILITIES: As a member of the team, you will: Design, build, and scale high-signal detections across cloud, identity, endpoint, network, and application layers using Detection-as-Code principles. Develop and maintain detection logic aligned to real-world attacker behavior and frameworks such as MITRE ATT&CK across modern security platforms. Translate threat intelligence into actionable detections and validate effectiveness through adversary emulation and testing. Build behavioral detections to protect against threats such as account takeover, credential abuse, API misuse, automation attacks, privilege escalation, and data exfiltration. Continuously improve detection quality by tuning alerts, reducing false positives, and implementing automated enrichment and triage. Define and track detection KPIs (e.g., precision, recall, false positive rate, MTTD) and implement processes to measure and improve detection health. Support and lead incident investigations, including containment, root cause analysis, and post-incident detection improvements. Contribute to the on-call rotation while proactively reducing operational overhead through automation. Partner with Engineering, IT, Infrastructure, Product, and GRC to ensure systems launch with strong monitoring and detection coverage. Map detections to threat models, identify visibility gaps, and continuously improve coverage as the environment scales. Explore and apply advanced analytics and machine learning techniques to improve detection fidelity, reduce noise, and enhance triage and investigation workflows. Stay ahead of evolving threats by researching emerging attack techniques and incorporating learnings into detection strategy. QUALIFICATIONS: 4+ years of hands-on experience in Information Security, with a focus on detection engineering, threat detection, or security operations. Demonstrated experience writing and tuning detections across cloud, identity, endpoint, or application environments. Familiarity with detection frameworks and tooling such as YARA, SIGMA, Suricata, or similar rule-based detection methodologies. Strong understanding of attacker techniques across identity compromise, cloud abuse, lateral movement, and data exfiltration. Expertise analyzing and building detections on cloud and SaaS telemetry, including authentication events, API activity, and system logs. Strong scripting skills in a scripting language such as Python, Go, or PowerShell for automation and tool development. Ability to operate effectively in a fast-paced, high-growth environment. Strong analytical mindset with a systems-thinking approach to reducing noise and increasing signal fidelity. Experience supporting incident response investigations and participating in on-call rotations. Experience building detective controls for consumer-facing platforms or detecting authentication and API abuse at scale is a strong plus. Effective communicator who can collaborate with engineers and explain detection strategy clearly to both technical and non-technical stakeholders. Familiarity with applying data analysis or machine learning techniques to security detection or alert triage is a plus. Bachelor’s degree in Computer Science, Information Security, or a related technical field, and/or relevant security certifications are a plus.

{
  "content_hash": "07312a15ce7624b03a2512ca18987bf2fb053d117cbf844114002c6d03c3b354",
  "source_hash": "f19067381fc579ff98229a47eac4047a0c42be294598afb54c44bf38474836a2",
  "last_changed_at": "2026-05-29T07:01:38.728Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "Boston, MA",
    "city": "Boston",
    "region": "MA",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.9
  },
  "salary_max": 170000,
  "salary_min": 130000,
  "inferred_at": "2026-06-18T07:57:36.968Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "Boston, MA",
      "city": "Boston",
      "region": "MA",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.9
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": null,
  "salary_period": "year",
  "workplace_type": "on_site",
  "salary_currency": "USD"
}

{}

{
  "lists": [
    {
      "text": "RESPONSIBILITIES:",
      "content": "<p>As a member of the team, you will:</p>\n\n<li>\n<p>Design, build, and scale high-signal detections across cloud, identity, endpoint, network, and application layers using Detection-as-Code principles.</p>\n</li>\n<li>\n<p>Develop and maintain detection logic aligned to real-world attacker behavior and frameworks such as MITRE ATT&amp;CK across modern security platforms.</p>\n</li>\n<li>\n<p>Translate threat intelligence into actionable detections and validate effectiveness through adversary emulation and testing.</p>\n</li>\n<li>\n<p>Build behavioral detections to protect against threats such as account takeover, credential abuse, API misuse, automation attacks, privilege escalation, and data exfiltration.</p>\n</li>\n<li>\n<p>Continuously improve detection quality by tuning alerts, reducing false positives, and implementing automated enrichment and triage.</p>\n</li>\n<li>\n<p>Define and track detection KPIs (e.g., precision, recall, false positive rate, MTTD) and implement processes to measure and improve detection health.</p>\n</li>\n<li>\n<p>Support and lead incident investigations, including containment, root cause analysis, and post-incident detection improvements.</p>\n</li>\n<li>\n<p>Contribute to the on-call rotation while proactively reducing operational overhead through automation.</p>\n</li>\n<li>\n<p>Partner with Engineering, IT, Infrastructure, Product, and GRC to ensure systems launch with strong monitoring and detection coverage.</p>\n</li>\n<li>\n<p>Map detections to threat models, identify visibility gaps, and continuously improve coverage as the environment scales.</p>\n</li>\n<li>\n<p>Explore and apply advanced analytics and machine learning techniques to improve detection fidelity, reduce noise, and enhance triage and investigation workflows.</p>\n</li>\n<li>\n<p>Stay ahead of evolving threats by researching emerging attack techniques and incorporating learnings into detection strategy.</p>\n</li>\n"
    },
    {
      "text": "QUALIFICATIONS:",
      "content": "<div>\n\n<li>\n<p>4+ years of hands-on experience in Information Security, with a focus on detection engineering, threat detection, or security operations.</p>\n</li>\n<li>\n<p>Demonstrated experience writing and tuning detections across cloud, identity, endpoint, or application environments.</p>\n</li>\n<li>\n<p>Familiarity with detection frameworks and tooling such as YARA, SIGMA, Suricata, or similar rule-based detection methodologies.</p>\n</li>\n<li>\n<p>Strong understanding of attacker techniques across identity compromise, cloud abuse, lateral movement, and data exfiltration.</p>\n</li>\n<li>\n<p>Expertise analyzing and building detections on cloud and SaaS telemetry, including authentication events, API activity, and system logs.</p>\n</li>\n<li>\n<p>Strong scripting skills in a scripting language such as Python, Go, or PowerShell for automation and tool development.</p>\n</li>\n<li>\n<p>Ability to operate effectively in a fast-paced, high-growth environment.</p>\n</li>\n<li>\n<p>Strong analytical mindset with a systems-thinking approach to reducing noise and increasing signal fidelity.</p>\n</li>\n<li>\n<p>Experience supporting incident response investigations and participating in on-call rotations.</p>\n</li>\n<li>\n<p>Experience building detective controls for consumer-facing platforms or detecting authentication and API abuse at scale is a strong plus.</p>\n</li>\n<li>\n<p>Effective communicator who can collaborate with engineers and explain detection strategy clearly to both technical and non-technical stakeholders.</p>\n</li>\n<li>\n<p>Familiarity with applying data analysis or machine learning techniques to security detection or alert triage is a plus.</p>\n</li>\n<li>\n<p>Bachelor’s degree in Computer Science, Information Security, or a related technical field, and/or relevant security certifications are a plus.</p>\n</li>\n\n</div>"
    }
  ],
  "country": "US",
  "createdAt": 1778696942568,
  "updatedAt": null,
  "categories": {
    "team": "Information Security",
    "location": "Boston, MA",
    "commitment": "Full Time",
    "allLocations": [
      "Boston, MA"
    ]
  },
  "salaryRange": null,
  "workplaceType": "onsite"
}