1

On Call Forensic Engineer Jobs (NOW HIRING)

Senior Detection & Response Engineer

Southlake, TX · On-site +1

$98K - $135K/yr

Participate in an on-call rotation and perform hands-on alert and incident analysis * Analyze ... Hands-on digital forensics experience across endpoint and cloud, including artifact collection ...

They are seeking a Network Engineer to assist with monitoring IT systems, coordinating engineering ... and forensic capabilities • Provide real-time and 24/7 on-call support to worldwide users • ...

OR

$114K - $156K/yr

Conduct thesis-driven threat hunts across forensic data lakes * Continuously research the threat ... This position includes rotational on-call responsibilities; Not brutal-the workload is reasonable ...

Cloud Infrastructure Engineer

White Plains, NY · On-site

$57.75 - $77.25/hr

... in on-call rotations to support production services, perform root cause analysis, and handle ... Forensics & Fraud services and human capital management. Founded in 2004, the company is ...

Senior Infrastructure Engineer

Silver Spring, MD · On-site

$111K - $152K/yr

... • Participate in on-call rotation for infrastructure incidents • Administer Tailscale for ... Volexity is a security firm that assists organizations with incident response, digital forensics ...

Actively participate in and lead the on-call rotation, setting the standard for security incident ... Conduct forensic analysis during security incidents to understand the scope and impact of incidents.

next page

Showing results 1-20

On Call Forensic Engineer information

See salary details

$43.5K

$128.4K

$325K

How much do on call forensic engineer jobs pay per year?

As of Jul 14, 2026, the average yearly pay for on call forensic engineer in the United States is $128,375.00, according to ZipRecruiter salary data. Most workers in this role earn between $87,500.00 and $130,000.00 per year, depending on experience, location, and employer.
What are the most commonly searched types of Forensic Engineer jobs? The most popular types of Forensic Engineer jobs are:
Senior Detection & Response Engineer

Senior Detection & Response Engineer

Greystar

Southlake, TX • On-site, Remote

$98K - $135K/yr

Full-time

Medical, Dental, Vision, Retirement, PTO

This job post has expired today. Applications are no longer accepted.


Greystar rating

8.0

Company rating: 8.0 out of 10

Based on 286 frontline employees who took The Breakroom Quiz

51st of 160 rated real estate companies


Job description

Senior Detection & Response Engineer Full time Southlake, Texas | Remote Texas
Apply Now Save Job Job saved

ABOUT GREYSTAR

Greystar is a leading, fully integrated global real estate platform offering expertise in property management, investment management, development, and construction services in institutional-quality rental housing. Headquartered in Charleston, South Carolina, Greystar manages and operates over $300 billion of real estate in more than 265 markets globally with offices throughout North America, Europe, South America, and the Asia-Pacific region. Greystar is the largest operator of apartments in the United States, managing over one million units/beds globally. Across its platforms, Greystar has nearly $79 billion of assets under management, including over $35 billion of development assets and over $36.5 billion of regulatory assets under management. Greystar was founded by Bob Faith in 1993 to become a provider of world-class service in the rental residential real estate business. To learn more, visit www.greystar.com.


JOB DESCRIPTION SUMMARY

Greystar is seeking a Senior Detection & Response Engineer to join our Cybersecurity Operations team. This is a hybrid engineering and operations role for someone who can build detections, write code and automation, run full incident response investigations, and apply solid security engineering fundamentals across our environment. You will own the full loop: engineer the detection, respond to what it catches, and feed those lessons back into stronger coverage. This role spans EDR, IAM, SIEM, Data governance and works closely with our SOC.

JOB DESCRIPTION

Responsibilities

  • Design, build, test, and tune detection rules across our SIEM and security tooling, targeting real attack techniquesobservedin our environment

  • Build scripts, automation, and API integrations (using code and AI tooling) to accelerate detection engineering, investigation, and response workflows

  • Lead incident response investigations end to end, from triage through containment, eradication, and closure

  • Perform host and cloud forensic analysis, including disk, memory, and log artifact examination to reconstruct attacker activity andestablishincident timelines

  • Participate in an on-call rotation and perform hands-on alert and incident analysis

  • Analyze Microsoft 365 and Entra ID log sources including interactive sign-ins, non-interactive sign-ins, audit logs, and the unified audit log

  • Investigate EDR detections, perform process tree analysis, and recommend containment actions

  • Triage and investigate escalations from the SOC

  • Develop andmaintainautomated response playbooks

  • Conduct root cause analysis anddetermineinitial access, persistence, and exfiltration methods during investigations

  • Apply security engineering fundamentals to improve identity security, conditional access, and endpoint posture

  • Produce clear, executive-ready incident briefings, IOC documentation, and technical writeups

  • Identifyand tune false positive patterns to improve detection fidelity

Required Qualifications

  • 6+ years in security operations, detection engineering, incident response, or a combined security engineering role

  • Demonstrated ability to build detections and understand the underlying logic, not justoperatea tool

  • Hands-on digital forensics experience across endpoint and cloud, including artifact collection, timeline reconstruction, and evidence handling

  • Proficiencyscripting and building automation (Python, PowerShell, KQL, or similar), including the effective use of AI tooling to accelerate development

  • Working knowledge of attacker tradecraft and the ability to attribute activity based on TTPs

  • Experience building or consuming API integrations across security and identity platforms

  • Proficiencywith EDR platforms

  • Working knowledge of SIEM platforms and detection rule development

  • Strong understanding of hybrid identity environments, including AD Connect sync behavior and Entra ID

  • Experience investigating modern attack techniques includingAiTMphishing, OAuth consent abuse, BEC, token replay, and living-off-the-land techniques

  • Solid security engineering fundamentals across identity, endpoint, and cloud

  • Willingness toparticipatein an on-call rotation and perform hands-on incident response

  • Strong written communication and documentation discipline

Preferred Qualifications

  • Demonstrated use of AI tools (such as Claude, Copilot, or similar) to accelerate detection engineering, investigation workflows, scripting, and documentation

  • Experience prompting and directing AI models to produce useful outputs in a security context, including log analysis, detection logic drafting, and incident timeline construction

  • Familiarity with Microsoft Sentinel, including analytic rule development using KQL and automation via Logic Apps or Playbooks

  • Familiarity with Microsoft Entra ID, Purview and Defender Suite

  • Hands-on experience with CrowdStrike Falcon, including alert triage, process tree analysis, and prevention policy management

  • Experience with identity security tooling such as Saviynt, Entra ID Protection, or similar IGA and privileged access platforms

  • Prior experience in a large enterprise or managed security environment (5,000+ endpoints or 10,000+ users)

  • Relevant certifications such as GCIA, GCIH, GCFE, GCFA, SC-200, AZ-500, or equivalent

What You'll Work On

This is a hands-on role with real ownership. You will build the detections that protect Greystar, respond to the incidents they surface, and continuously improve coverage based on what you learn in the field. You will write the automation that makes the team faster, investigate live compromises, and have direct input into detection strategy, SIEM direction, and identity security architecture. You will work directly with the Senior Manager of Cybersecurity Operations on initiatives including our SIEM migration to Microsoft Sentinel and ongoing detection engineering buildout.

Additional Compensation:

Many factors go into determining employee pay within the posted range including business requirements, prior experience, current skills and geographical location.

  • Corporate Positions:Inaddition to the base salary, this role may be eligible to participateina quarterly or annual bonus program based onindividual and company performance.

  • Onsite Property Positions:Inaddition to the base salary, this role may be eligible to participatein weekly, monthly, and/or quarterly bonus programs.

Robust Benefits Offered*:

  • Competitive Medical, Dental, Vision, and Disability & Lifeinsurance benefits. Low (free basic) employee Medical costs for employee-only coverage; costs discounted after 3 and 5 years of service.

  • Generous Paid Time off. All new hires start with 15 days of vacation, 4 personal days, 10 sick days, and 11 paid holidays. Plus your birthday off after 1 year of service! Additional vacation accrued with tenure.

  • For onsite team members, onsite housing discount at Greystar-managed communities are available subject to discount and unit availability.

  • 6-Week Paid Sabbatical after 10 years of service (and every 5 years thereafter).

  • 401(k) with Company Match up to 6% of pay after 6 months of service.

  • Paid Parental Leave and lifetime Fertility Benefit reimbursement up to $10,000 (includes adoption or surrogacy).

  • Employee Assistance Program.

  • Critical Illness, Accident, HospitalIndemnity, PetInsurance and Legal Plans.

  • Charitable giving program and benefits.

*Benefits offered for full-time employees. For Union and Prevailing Wage roles, compensation and benefits may vary from the listedinformation above due to Collective Bargaining Agreements and/or local governing authority.

Greystar will consider for employment qualified applicants with arrest and conviction records.

Important Notice: Greystar will never request your banking details or other sensitive personal information during the interview process. Greystar does not conduct any interviews via text or messaging, and all communication will come from official Greystar email addresses (@greystar.com). If you receive suspicious requests, please report them immediately to AskHR@greystar.com.

Apply Now Save Job Job saved

What Greystar employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom