Cybersecurity Detection and Threat Engineer
Pontera is a fintech company on a mission to help people retire better. Our software platform enables retirement savers to get the help they need managing their 401(k) and other retirement plan accounts as part of a personalized strategy by their trusted financial advisor.
Pontera is used by financial advisors across the nation, from SMB to Fortune 500 RIA firms, independent broker-dealers, plan custodians, and plan advisors.
Backed by leading venture capital firms including ICONIQ Growth and Lightspeed Venture Partners, Pontera is built by talented individuals who share a dedication to helping people retire with greater security.
Our team is fast-growing and driven to become one of the largest fintech companies in the world. Our culture is built on a people-first principle: in a complex and numbers-driven industry, we never lose sight of the people we serve and work alongside. That’s where you come in.
We’re looking for a Cybersecurity Threat Detection & Response Engineer to lead and grow this critical function as part of our expanding security team. This role will focus on evolving Pontera’s detection engineering, incident response, and security automation capabilities to support our growing organization and evolving threat landscape.
You’ll join a mature and collaborative environment where foundational work has already been laid, and you'll have the opportunity to advance how we detect, investigate, and respond to threats, with the support of strong cross-functional partnerships and best-in-class tools.
RESPONSIBILITIES
Detection Engineering
- Develop, tune, and maintain detection rules, correlation logic, and alerting workflows within our SIEM.
- Integrate high-quality telemetry from cloud environments, infrastructure, SaaS applications, and internal systems.
- Collaborate with Engineering and DevOps to improve visibility, signal-to-noise ratio, and logging coverage.
Automation & Enrichment
- Design and implement enrichment and response automation (e.g., SOAR platforms, serverless functions).
- Explore and integrate LLM-based agents or AI-enhanced triage/classification tools where practical.
- Continuously improve response playbooks, integrations, and automation pipelines.
Incident Response Leadership
- Serve as the operational lead for security incident response, from triage through resolution and post-incident review.
- Maintain and evolve IR runbooks; lead tabletop exercises to strengthen organizational readiness.
- Coordinate investigations across Security, Engineering, GRC, IT, and Legal as needed.
Metrics & Reporting
- Own and continuously improve dashboards and reporting that track key detection and response KPIs (e.g., MTTR, detection coverage, false positive rates).
- Deliver data-driven insights to security and engineering leadership to inform strategy and operational improvements.
Case Management
- Take responsibility for the case management lifecycle across detection, triage, and incident handling.
- Ensure the incident handling process is tightly integrated with automation, documentation standards, and relevant security tooling.
- Evaluate opportunities to enhance case tracking infrastructure in alignment with program growth and maturity.
Collaboration & Growth
- Partner cross-functionally with teams in Engineering, DevOps, IT, Privacy, and GRC.
- Support ongoing vendor relationships and bring a continuous improvement mindset to tooling and processes.
REQUIREMENTS
- 5+ years in a threat detection, SOC, or incident response role in a cloud-native environment.
- Strong hands-on engineering experience with SIEM tools (e.g., Sumo Logic, Sentinel, Splunk, ELK).
- Solid scripting and automation skills (Python preferred); familiarity with SOAR platforms or cloud-native functions (Lambda, GCP Cloud Functions).
- Deep understanding of cloud environments (AWS/GCP), logging, and security telemetry.
- Experience managing real-world incidents in production systems.
- Experience managing or enhancing security case management processes and tooling.
- Familiarity with AI/LLM tools applied to security - a plus.
- Hands-on experience with technologies supporting web application protection, fraud detection, behavioral analytics, and automated threat mitigation (e.g., Cloudflare, AWS WAF, Akamai, Imperva, ThreatMetrix) - a plus.
- Opportunity: Have a major impact at a fast-growing startup that is revolutionizing the FinTech industry
- Team Culture: A collegial, collaborative, fun work environment with frequent team events
- Equity: All new hires are eligible for equity grant participation
- Professional Development: Sponsored learning & development program
- Work Flexibility: A hybrid office work model (in-office Mon/Tues/Weds and WFH Sun/Thurs)