Vero is a fast-scaling healthcare technology company focused on transforming healthcare delivery through modern data infrastructure. They are seeking a Staff Security Engineer (Threat & Response) to lead threat detection, incident response, and security operations, driving innovation and enhancing security capabilities across their environments.
Responsibilities:
- Own and evolve the end-to-end threat detection and response capability across SaaS and corporate environments
- Lead SIEM strategy, detection engineering, alert tuning, and AI-driven security operations
- Build scalable automation and detection-as-code capabilities to improve response speed and reduce alert fatigue
- Act as the technical lead during security incidents, driving investigation, containment, recovery, and post-incident analysis
- Align threat intelligence, threat modelling, and detection coverage against real-world adversary behaviour
- Help scale and mature a follow-the-sun security operations function, improving processes, analyst quality, and operational readiness
- Partner closely with engineering, infrastructure, compliance, and leadership teams to continuously strengthen security posture
Requirements:
- Strong background in threat detection, incident response, threat intelligence, or security operations within cloud-first environments
- Hands-on experience with SIEM, EDR, SOAR, and modern detection engineering practices
- Experience building or operating AI-driven detection, automation, or behavioural analytics capabilities
- Strong scripting and automation skills using Python, PowerShell, or similar technologies
- Proven experience leading technical investigations and incident response during live security events
- Strong understanding of MITRE ATT&CK, threat modelling, and detection gap analysis
- Experience working in regulated environments under frameworks such as ISO 27001, SOC 2, HITRUST, or HIPAA
- Strong communication skills and the ability to operate effectively in high-pressure environments
- Experience with LLM-driven SOC workflows or agentic AI security tooling
- Exposure to healthcare, health-tech, or sensitive data environments
- Security certifications such as GCIA, GCIH, GCFA, GCTI, or CISSP