Member of Technical Staff - Incident Detection & Response
reflection.ai
Location
New York
Employment Type
Full time
Location Type
On-site
Department
Engineering
Our Mission
Reflection’s mission is to build open superintelligence and make it accessible to all.
We’re developing open weight models for individuals, agents, enterprises, and even nation states. Our team of AI researchers and company builders come from DeepMind, OpenAI, Google Brain, Meta, Character.AI, Anthropic and beyond.
Role Overview
Reflection is looking for a Member of Technical Staff - Incident Detection & Response to build our detection and response capabilities from the ground up. You will have a high level of autonomy to architect solutions and drive them through both technical and organizational adversity. This role is ideal for an engineer who thrives in high-ownership, low-structure environments and has a strong "0 to 1" mindset.
Key Responsibilities
Establish and lead the IDR/DFIR function, bringing an opinionated perspective on how to build a world-class program from scratch
Design and build the IDR infrastructure required to collect, aggregate, and route logs across geographically disparate Kubernetes clusters hosted across multiple cloud providers
Develop high-fidelity alerting systems that balance large log volumes with the need to minimize alert fatigue
Identify risks and implement mitigations for agentic AI assistants (e.g., OpenClaw, Claude Code) and protect critical assets like model weights and training data.
Develop containment mechanisms and entity-tracking pipelines that span laptops, SaaS platforms, and cloud/Kube infrastructure
-
Develop, maintain, and test incident response playbooks
Required Qualifications
Experience bootstrapping an IDR or DFIR function from scratch
Familiarity with modern SIEM/SOAR systems
Experience working with various EDR/XDR platforms
Strong proficiency in macOS and Linux environments
Extensive experience working with diverse log sources including but not limited to GCP, AWS, Azure, Google Workspace, major SaaS platforms, and neocloud providers such as Together.ai, Anyscale, VoltagePark, Nvidia, GMI Cloud, etc.
Expertise in managing and building on Kubernetes clusters, including deploying and managing IDR tooling in multi-cloud Kubernetes environments
Well-founded opinions on how to detect and mitigate risk around agentic AI assistants
Familiarity with browser and memory forensics techniques
Experience with major telemetry aggregation, filtering, and routing systems such as Cribl or BindPlane
Comfort with Python and Golang
What We Offer:
We believe that to build superintelligence that is truly open, you need to start at the foundation. Joining Reflection means building from the ground up as part of a small talent-dense team. You will help define our future as a company, and help define the frontier of open foundational models.
We want you to do the most impactful work of your career with the confidence that you and the people you care about most are supported.
Top-tier compensation: Salary and equity structured to recognize and retain the best talent globally.
Health & wellness: Comprehensive medical, dental, vision, life, and disability insurance.
Life & family: Fully paid parental leave for all new parents, including adoptive and surrogate journeys. Financial support for family planning.
Benefits & balance: paid time off when you need it, relocation support, and more perks that optimize your time.
Opportunities to connect with teammates: lunch and dinner are provided daily. We have regular off-sites and team celebrations.