Senior Security Engineer

London, UK (Hybrid) | Competitive | 0 applicants

About this role

About Mixpanel

Mixpanel turns data clarity into innovation. Trusted by more than 29,000 companies, including Workday, Pinterest, LG, and Rakuten Viber, Mixpanel’s AI-first digital analytics help teams accelerate adoption, improve retention, and ship with confidence. Powering this is an industry-leading platform that combines product and web analytics, session replay, experimentation, feature flags, and metric trees. Mixpanel delivers insights that customers trust. Visit mixpanel.com to learn more.

Responsibilities

  • Domain Ownership: Serve as the domain expert for Detection & Response, integrating telemetry from across our entire ecosystem—including Product, Cloud, Corporate Infrastructure, and Identity—to build a unified, high-fidelity detection and response engine.
  • Technical Project Execution: Translate high-level project requirements and technical scoping documents into actionable milestones, managing task delivery and driving cross-functional results.
  • Architect Modern Detection: Design and implement precise, actionable alerting within Google Security Operations (SIEM/SOAR), treating detections as code and ensuring they scale with our high-volume data ingestion.
  • Combat Modern Threats: Develop specialized detection logic and playbooks to identify and mitigate application-layer abuses, customer account-targeted events (ATO), and sophisticated social engineering.
  • Operational Lead (EMEA): Serve as the primary technical lead for security incidents during EMEA hours, driving investigations, containment efforts, and cross-functional communication.
  • Build Threat Intelligence: Evolve Mixpanel’s threat intelligence program by identifying relevant adversaries and translating tactical intel into proactive SIEM/SOAR logic.
  • Infrastructure Management: Ensure the operational health and telemetry flow of our core security stack—including SentinelOne, GCP Security Command Center, and Mimecast Incydr—to maintain continuous visibility and alerting integrity.

We're Looking For Someone Who Has

  • Security Engineering Foundations: Experience operating across the core pillars of a modern security program—including Product, Cloud, and Corporate Security. You are comfortable navigating Identity (IAM), threat modeling, and secure code reviews as part of a unified team.
  • Detection & Response Specialization: A deep understanding of the detection-as-code lifecycle. You have experience turning raw telemetry into precise, actionable alerting and building the infrastructure required to defend a high-scale SaaS environment.
  • Operational Execution: The ability to manage a high volume of daily security tasks. You are prepared to handle a diverse range of responsibilities—from triaging vulnerabilities and policy violations to investigating suspicious activity across the entire stack.
  • Cloud Data Proficiency: Proficiency with the Google Cloud Platform ecosystem (specifically Cloud Logging, BigQuery, and Pub/Sub) to build automated security data pipelines and maintain visibility across high-volume environments.
  • Modern Automation & AI: Proficiency in Python to develop automated workflows and integrate security tools via APIs. You are comfortable leveraging AI and LLMs to build autonomous security workflows—such as automated alert enrichment, intelligent incident summarization, and AI-assisted code analysis—to drastically reduce time-to-context.

Bonus Points For

  • Threat Intelligence Maturity: Experience evaluating and embedding external intelligence—including dark web monitoring, brand protection, and adversary tactics—into a security program. You know how to identify where a specific intelligence source provides the most defensive value and how to integrate that data into automated workflows.
  • Security Outreach & Mentorship: Experience leading "Security Champions" initiatives or a demonstrated ability to elevate the security IQ of non-security teams. You help others think critically about threat identification and telemetry—explaining the "why" behind visibility requirements when building new features or onboarding third-party vendors.
  • Deception & Canary Strategies: Familiarity with deploying deception techniques (e.g., honeytokens, canary credentials, or "fake" internal endpoints) to provide high-fidelity signals of unauthorized lateral movement or credential misuse.
  • Platform & Infrastructure Experience: Prior experience with enterprise-grade security tools such as Endpoint Detection & Response (EDR), Email Security gateways, and Cloud-native Security Command Centers.
  • SaaS & Analytics Scale: Experience defending an environment with massive, high-volume data ingestion and complex user-access patterns similar to Mixpanel’s architecture.
  • Offensive Security Exposure: Experience with vulnerability coordination platforms, automated external scanning, or managing findings from bug bounty programs.

About the Information Security Team

We believe security isn't just a function—it's a platform for bold ideas. The Information Security Team at Mixpanel is a small, high-impact group committed to building a frictionless security program that serves as a model for our company and the broader industry. This is a team for those who are never satisfied, who dream big, and who have the resilience to see those ideas through. We operate at the intersection of business strategy and technical execution, where we are critical partners to every team at Mixpanel. Our work requires a broad, generalist skill set across vulnerability management, threat detection, and access management. We strategically balance necessary compliance work with proactive initiatives, with a constant focus on automation as the path to a more efficient security program. We use our expertise in a variety of well-known security platforms and tools to create seamless, automated processes that empower our peers. We are a lean team by design, and we succeed or fail together, committed to transparent communication and a strong sense of ownership.

Job Details

Posted: 20 May 2026
Closes: 19 June 2026
