Security Engineer, Detection & Response

Grammarly is excited to offer a remote-first hybrid working model. Grammarly team members in this role must be based in the United States, and, depending on business needs, they must meet in person for collaboration weeks, traveling if necessary to the hub(s) where their team is based.

This flexible approach gives team members the best of both worlds: plenty of focus time along with in-person collaboration that fosters trust and unlocks creativity.

About Grammarly

Grammarly is the world’s leading AI writing assistance company trusted by over 30 million people and 70,000 teams. From instantly creating a first draft to perfecting every message, Grammarly helps people at 96% of the Fortune 500 and teams at companies like Atlassian, Databricks, and Zoom get their point across—and get results—with best-in-class security practices that keep data private and protected. Founded in 2009, Grammarly is No. 14 on the Forbes Cloud 100, one of TIME’s 100 Most Influential Companies, one of Fast Company’s Most Innovative Companies in AI, and one of Inc.’s Best Workplaces.

The Opportunity

To achieve our ambitious goals, we’re looking for a Security Engineer to join our Detection and Response (DART) team.  As a key member of our organization, you will be instrumental in safeguarding our digital assets and ensuring our security posture remains robust against emerging threats. If you have a passion for cybersecurity, a keen eye for detail, and extensive experience in security operations, we want to hear from you!

Grammarly’s engineers and researchers have the freedom to innovate and uncover breakthroughs—and, in turn, influence our product roadmap. The complexity of our technical challenges is growing rapidly as we scale our interfaces, algorithms, and infrastructure. You can hear more from our team on our technical blog.

As a DART engineer, you will 

• Design, implement, and fine-tune advanced detection mechanisms to proactively identify potential security threats and vulnerabilities within our environment.
• Perform forensics and spearhead response efforts during security incidents. This includes triaging security alerts, taking relevant mitigation steps, and engaging with internal stakeholders to ensure swift resolution.
• Continuously tune our alerting rules to reduce false positives and enhance our signal-to-noise ratio, ensuring our detection systems are both effective and efficient.
• Participate in our team’s on-call rotation, providing expert guidance and rapid response to security incidents as they arise.
• Assist with the definition, creation, and maintenance of SIEM (Security Information and Event Management) detection rules and dashboards to provide clear, actionable insights.
• Streamline our security operations by authoring comprehensive runbooks, writing automation scripts, and building SOAR (Security Orchestration, Automation, and Response) capabilities to reduce manual intervention and improve response times.
• Improve our overall Incident Response process and ensure our readiness against adversaries.
• Actively work to burn down the detection backlog, enhancing our detection coverage and accuracy across all monitored systems and applications.
• Develop advanced detection strategies and tactics.
• Collaborate on project and roadmap planning.

Qualifications

• Has a minimum of 10 years in cybersecurity, with a focus on detection and response.
• Is proficient in SIEM platforms and scripting languages (Python) and has familiarity with SOAR tools.
• Has hands-on experience combating adversaries of varying sophistication (script kiddies to APT).
• Has a foundational understanding of Corporate Security, including Mac endpoint security and Crowdstrike EDR.
• Has professional experience with a commercial SIEM (Sumologic preferred).
• L1, L2 SOC experience or "SOC-less" model (MDR, etc.).
• Can define detection strategies and multi-quarter roadmaps.
• Has strong expertise in incident handling and forensic investigation, with a proven track record of managing complex security incidents.
• Has excellent analytical and problem-solving skills, with the ability to think critically under pressure.
• Demonstrates strong verbal and written communication skills, capable of interacting with technical and non-technical stakeholders alike.
• Has relevant industry certifications such as CISSP, GCIA, GCIH, or equivalent.
• Has excellent problem-solving skills, with the ability to work independently and handle multiple tasks.
• Has strong communication skills and can explain complex security issues in understandable terms.
• Nurtures the talent in the team and raises the technical talent bar when recruiting for their team.

Compensation and Benefits

• Grammarly offers all team members competitive pay along with a benefits package encompassing the following and more: 
• Excellent health care (including a wide range of medical, dental, vision, mental health, and fertility benefits)
• Disability and life insurance options
• 401(k) and RRSP matching 
• Paid parental leave
• 20 days of paid time off per year, 12 days of paid holidays per year, two floating holidays per year, and unlimited sick days 
• Generous stipends (including those for caregiving, pet care, wellness, your home office, and more)
• Annual professional development budget and opportunities

Grammarly takes a market-based approach to compensation, which means base pay may vary depending on your location. Our US locations are categorized into two compensation zones based on proximity to our hub locations. 

Base pay may vary considerably depending on job-related knowledge, skills, and experience. The expected salary ranges for this position are outlined below by compensation zone and may be modified in the future. 

United States: 

Zone 1: $270,000 – $320,000/year (USD)

Zone 2: $240,000 – $290,000/year (USD)

For more information about our compensation zones and locations where we currently support employment, please refer to this page. If a location of interest is not listed, please speak with a recruiter for additional information. 

We encourage you to apply

At Grammarly, we value our differences, and we encourage all to apply—especially those whose identities are traditionally underrepresented in tech organizations. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, ancestry, national origin, citizenship, age, marital status, veteran status, disability status, political belief, or any other characteristic protected by law. Grammarly is an equal opportunity employer and a participant in the US federal E-Verify program (US). We also abide by the Employment Equity Act (Canada).

#LI-PM1