Talent.com
Sr. Incident Response (IR) Detection Engineer

PennyMac, Thousand Oaks, CA, United States
9 hours ago
Job type
  • Full-time
Job description

PENNYMAC

Pennymac (NYSE: PFSI) is a specialty financial services firm with a comprehensive mortgage platform and integrated business focused on the production and servicing of U.S. mortgage loans and the management of investments related to the U.S. mortgage market.

At Pennymac, our people are the foundation of our success and at the heart of our dynamic work culture. Together, we work towards a unified goal of helping millions of Americans achieve aspirations of homeownership through the complete mortgage journey.

A Typical Day

The Pennymac Information Security department is looking to bring on a Senior IR Detection Engineer to drive our Threat Detection and Response efforts. You will specialize in developing sophisticated signatures, queries, alerts, and dashboards to detect and neutralize cyber threats in a complex cloud environment while focusing on the SOC analyst experience.

The Senior IR Detection Engineer will:

Detection as Code: Design, develop, test, and deploy high-quality detection rules using version control systems (e.g., Git) and CI/CD pipelines.

Drive the overall detection engineering lifecycle including processes, improvements, and innovations.

Use inputs from Threat Intelligence (TI) and threat modeling exercises to identify critical detection gaps.

Maintain a comprehensive risk detection coverage mapping to communicate current coverage and show improvements.

Serve as the primary author and reviewer of new detectors, ensuring proper documentation and testing.

Continually observe the performance of existing detectors and tune them to reduce false positives and ensure they remain valuable.

Leverage AI/ML capabilities to enhance the detection engineering lifecycle and identify anomalies.

Partner with the Security Engineering team to configure, maintain, and optimize security monitoring tools to ensure maximum data ingestion quality and search performance.

Incident Response & Operations Support

L1 Support: Act as a tier-2 technical escalation point for the L1 SOC, providing expertise in triage, root cause analysis, and remediation planning for complex security alerts.

Perform in-depth host and network analysis across various environments with a primary focus on Windows, Cloud (AWS, Azure, GCP), and SaaS technologies.

Execute the full IR lifecycle and lead incident handling during major security events.

Serve as a technical escalation point for complex or novel security incidents.

Develop and review Standard Operating Procedures (SOPs), playbooks, and other documentation for the IR team.

Provide thought leadership on strategic objectives such as processes, technologies, and exercises.

Mentor and train junior and mid-level incident responders on advanced techniques, tools, and best practices.

What You’ll Bring

Deep understanding of hacking techniques and tools including reconnaissance, scanning, exploitation, evasion, lateral movement, persistence, and exploits.

Strong understanding of MITRE ATT&CK Framework.

Strong understanding of all phases of security incident handling and forensics including probing and attack methods, network/service discovery, system assessment, threat containment/eradication, and conducting retrospects to drive operational improvement.

Strong understanding of network technologies including TCP/IP, IDS/IPS, firewalls, LAN, WLAN, and WAN.

Expert understanding of AWS IaaS/PaaS, Linux, Windows Server, Windows Desktop, VMware, Containers, and macOS.

Experience operating and maintaining SIEM technology and providing feedback to engineering teams to continually improve technology capabilities.

Past experience in a Cyber Security Operations Center as a Security Analyst is desired.

Desired 2+ years of experience in Python and/or other scripting languages to automate common tasks and/or response actions.

Desired experience in Snowflake or similar Data Lake Technology.

Strong written and verbal communication.

Ability to self-start and spearhead initiatives with minimal direction and oversight.

Why You Should Join

As one of the top mortgage lenders in the country, Pennymac has helped over 4 million lifetime homeowners achieve and sustain their aspirations of home. Our vision is to be the most trusted partner for home. Together, 4,000 Pennymac team members across the country are guided by our core values: to be Accountable, Reliable and Ethical in all that we do. Pennymac is committed to conducting a business that makes positive contributions and promotes long-term sustainable growth and to fostering an equitable and inclusive environment, where all employees and customers feel valued, respected and supported.

Benefits That Bring It Home: Whether you're looking for flexible benefits for today, setting up short-term goals for tomorrow, or planning for long-term success and retirement, Pennymac's benefits have you covered. Some key benefits include:

Comprehensive Medical, Dental, and Vision

Paid Time Off Programs including vacation, holidays, illness, and parental leave

Wellness Programs, Employee Recognition Programs, and onsite gyms and cafe style dining (select locations)

Retirement benefits, life insurance, 401k match, and tuition reimbursement

Philanthropy Programs including matching gifts, volunteer grants, charitable grants and corporate sponsorships

To learn more about our benefits visit :

For residents with state required benefit information, additional information can be found at :

Compensation: Individual salary may vary based on multiple factors including specific role, geographic location/market data, and skills and experience as defined below:

Lower in range - Building skills and experience in the role

Mid-range - Experience and skills align with proficiency in the role

Higher in range - Experience and skills add value above typical requirements of the role

Some roles may be eligible for performance-based compensation and/or stock-based incentives awarded to employees based on company and individual performance.

Salary

$90,000 - $150,000

Work Model

REMOTE
