Role Description
Activision is seeking an Expert Detection and Response Engineer to help protect our players, studios, platforms, and enterprise environments from advanced cyber threats. As part of our Global Security Operations organization, this role is responsible for actively identifying, investigating, and responding to security threats. This role is highly hands-on and focuses on real-world attacker behavior, rapid analysis, and effective containment.
Responsibilities
-
Detect, investigate, and respond to security incidents across cloud, corporate, and production environments as a hands‑on member of the TDIR team.
-
Monitor and analyze security telemetry and audit logs to identify anomalous activity, unauthorized access, and emerging threats, including targeted attacks and advanced adversaries.
-
Perform alert triage, in‑depth investigation, and forensic analysis across the full incident lifecycle, from identification through containment, remediation, and post‑incident review.
-
Execute endpoint, identity, cloud, and malware investigations, including timeline reconstruction, indicator extraction, and root cause analysis.
-
Develop, refine, and tune threat detections within the SIEM based on real‑world attacker behavior and investigation findings.
-
Enhance investigation and response efficiency through automation, SOAR workflows, scripting, and advanced analytics.
-
Design, build, or operate AI/LLM-assisted triage and enrichment workflows (e.g., agentic pipelines integrated with case management platforms) to accelerate investigation and reduce analyst toil.
-
Evaluate and harden AI-assisted security tooling against adversarial input, including prompt injection and verdict-poisoning risks introduced via analyzed artifacts, applying schema-constrained or otherwise bounded output design rather than relying solely on input-side filtering.
-
Contribute to TDIR procedures, playbooks, runbooks, documentation, and operational metrics.
-
Collaborate closely with engineering teams, business stakeholders, and vendors during active investigations and response efforts.
-
Participate in an on‑call rotation and provide off‑hours support for critical incidents and material security events.
-
Communicate investigation findings clearly and effectively to technical teams and leadership.
-
Occasional travel (up to approximately 10%) may be required to support studios or on-site incident response.
Qualifications
-
Bachelor’s degree in computer science, Information Security, or equivalent practical experience.
-
10+ years of progressively accountable security experience, with a demonstrated track record of independent, expert-level judgment in incident response.
-
Hands‑on experience in threat detection, security operations, and incident response, with active involvement across the full incident lifecycle.
-
Strong understanding of the modern threat landscape, attacker tactics, techniques, and procedures.
-
Proven ability to detect, triage, investigate, and respond to security incidents in enterprise environments.
-
Experience performing detailed log analysis, correlation, and investigative triage.
-
Strong written and verbal communication skills, with the ability to clearly articulate incident findings and response actions.
-
Ability to work independently and collaboratively within the TDIR team and with technical and business stakeholders.
-
Willingness to participate in an on‑call rotation and provide off‑hours support for critical security incidents.
-
Hands-on experience with security monitoring platforms such as SIEM and EDR, including building or significantly extending detection content (not solely tuning existing rules).
-
Scripting or programming experience (e.g., Python, PowerShell, KQL) to support detection, investigation, or response automation.
-
Strong host- and network-based forensic skills, including timeline reconstruction and root cause analysis.
-
Working knowledge of how LLMs are applied to security operations (alert enrichment, auto-triage, summarization) and the failure modes specific to that application, such as hallucinated verdicts, injection via log or artifact content, and over-trust in model output.
-
Fluency in English.
Preferred Qualifications
-
12+ years of relevant IT and security experience, including prior leadership or mentorship of less-senior analysts.
-
Hands‑on malware analysis experience using static and dynamic techniques.
-
Experience implementing or operating SOAR platforms and security automation.
-
Hands-on experience building or integrating AI-assisted triage into a SOC workflow (SOAR, case management, or custom pipeline), including designing constrained output schemas or guardrails rather than relying solely on vendor-side content filtering.
-
Familiarity with emerging threat models for AI-augmented security tooling, such as prompt injection and verdict poisoning via analyzed artifacts.
-
Identity-focused detection experience, including Active Directory, hybrid identity, and privileged account monitoring.
-
Understanding foundational security best practices, including system and network hardening.
-
Ability to assess incidents quickly, recommend effective response actions, and mitigate operational and reputational risk.
-
Experience interfacing effectively with leadership, engineering teams, and external vendors.
-
Demonstrated engagement with the cybersecurity community or strong evidence of self‑driven learning and professional contribution.
Benefits
-
Medical, dental, vision, health savings account or health reimbursement account, healthcare spending accounts, dependent care spending accounts, life and AD&D insurance, disability insurance.
-
401(k) with Company match, tuition reimbursement, charitable donation matching.
-
Paid holidays and vacation, paid sick time, floating holidays, compassion and bereavement leaves, parental leave.
-
Mental health & wellbeing programs, fitness programs, free and discounted games, and a variety of other voluntary benefit programs like supplemental life & disability, legal service, ID protection, rental insurance, and others.
-
If the Company requires that you move geographic locations for the job, then you may also be eligible for relocation assistance.