Staff Detection & Response Engineer


Chicago, IL

This job has expired

About Us

At WeWork, we provide inspiring and flexible workplace solutions to help businesses – small, medium or large – thrive in more than 150 cities globally. The future of work is happening right now, and we are leading this moment. United by a common purpose, here we will empower tomorrow’s world at work. Join us on our journey as we give our members the freedom and support to push boundaries in their industries, and work to redefine our own.

WeWork’s Information Security team is constantly looking to advance and grow its capabilities to provide the best member and employee experience. We take pride in protection, detection, and response for a wide range of technology and operations that support our buildings, infrastructure, members, employees, and our community.

About The Opportunity

Work independently to manage and execute multiple projects in diverse environments, ensure that appropriate management is apprised of project status, bring projects to completion and follow up with customers regarding results. Encouraged to work autonomously and laterally across the team on problems that help protect the business. Ability to work on impactful initiatives that will change the future of work across the globe.


  • Identify, analyze and respond to malicious behaviors from a variety of sources and create an action plan to mitigate similar incidents in the future
  • Operate semi-autonomously to conduct collection, investigate, create solutions, and support the efforts of other teams
  • Leverage a background in application, network, and cloud technology to act as a subject matter expert in security incident response
  • Organize and participate in regular post-mortems to educate stakeholders and drive improvements in response capabilities
  • Take responsibility for managing projects, including coordinating internal resources, developing and executing a strategy, and communicating with stakeholders
  • Synthesize information from various sources and provide defensible working theories and solutions
  • Develop automation to improve detection and response time and reduce the likelihood and impact of future incidents
  • Be the senior escalation point for engineers and non-technical stakeholders
  • Protect confidential information and act with the highest level of integrity

Desired Skills And Experience

  • Knowledge of and experience with malware and exploit tool tactics, techniques, and procedures for maximum infiltration and persistence
  • Hands-on experience securing, monitoring, and conducting investigations with cloud computing platforms including Azure, AWS, and Google Cloud Platform
  • Programming and automation skills in one or more of Python, Perl, Ruby, Java, C, Bash, PowerShell, and command-line tools (grep, sed, awk, PowerShell)
  • Experience with penetration testing, red team/blue team exercises, security operations, incident response, malware analysis, digital forensics, and intelligence
  • Experience interpreting, searching, and manipulating data within enterprise logging solutions such as Splunk and Elasticsearch/Logstash/Kibana (ELK / Elastic Stack)
  • Proficiency with industry-standard DFIR tools including X-Ways, EnCase, Axiom/IEF, Cellebrite, FTK, Pstools, Volatility, Wireshark, NetWitness, and Autopsy
  • Experience with infrastructure as code and orchestration tools such as Ansible, Chef, Puppet, Terraform, and Vagrant

Ideal Candidates Will Have

  • 5+ years of hands-on experience working in multiple domains such as incident response, detection engineering, penetration testing, and/or offensive security
  • Ability to operate at a high level in a product-driven and fast-paced environment
  • Strong ability to think creatively and critically when approaching issues with no obvious solutions
  • Collaborates with and provides guidance to teammates, members of operations, and other internal teams
  • Excellent ability to analyze, multitask, and prioritize; not afraid to fail and learn from experiences
  • Self-motivated and able to work independently and as part of a team

Life At WeWork

Being a WeWorker is more than just a job. We believe the magic of work is sparked by the passion you bring, the places you go, the people you meet and the purpose you follow. And it starts here. Here you will brush shoulders with those who dare to dream and do. Here you will be welcomed by a diverse community that embraces and inspires you—because together we can achieve more. Here we challenge ideas, and explore new ways of getting things done. Whether you are part of our Employee Community Groups, or part of a global project, we ask you to bring your open-minded attitude and collaborative spirit. In return, you will be part of a team where your unique perspectives are celebrated.

WeWork is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon gender, sexual orientation, marital or civil status, pregnancy (or pregnancy-related conditions), gender identity or expression, transgender status or gender reassignment, race, color, national origin or ancestry, citizenship, religion or religious beliefs, age, physical or mental disability, genetic information (including genetic testing and characteristics), military or veteran status, or any other grounds or characteristic that is protected under the law.

As part of our commitment to health and safety, WeWork — like a growing number of employers — is requiring all U.S. employees to be fully vaccinated for COVID-19 as a condition of employment, absent a legal exception for reasonable accommodation. We provide unvaccinated new hires a 45-day grace period after their start date to get fully vaccinated or, if eligible, obtain a reasonable accommodation. If you believe that a legal exception may apply to you, please still apply for any role(s) you are interested in and, if you are hired, you will receive instructions on how to request a reasonable accommodation after your start date. Please note that roles that require in-person work — currently, within our Community (excluding Member Experience), Facilities Management (including Security), Sales (excluding Sales Ops), and Member Technology teams — will not be eligible for work-from-home as an accommodation because it poses an undue hardship on our business.