Security Engineer - Threat Detection

What You Will Do

• Develop and deploy detections using modern engineering practices (testing/validation, CI/CD pipelines, detections as code, detection development lifecycle, etc.), including both rules-based and AI-assisted detections.
• Mature our threat detection program by analyzing gaps and mitigating risks via detective controls, including experimentation with AI/ML approaches where they improve signal-to-noise ratio or analyst efficiency.
• Build and maintain strong partnerships with our stakeholders to provide detection as a service, including self-service patterns, reusable components, and AI-enhanced detections that support their domains.
• Continuously measure and improve detection quality (coverage, precision/recall, false positive rate, latency).

What You Need

Security Engineering Experience

• Threat Detection, Incident Response, Threat Hunting, Product Security, Corporate Security, or other related disciplines.

Technical Skills

• Solid experience writing code (Python, Go, etc.), with desire to apply to AI/ML-powered use cases in detection and response.
• Experience collaborating with various security teams and stakeholders.
• Ability to review and analyze logging and observability requirements that support detection and response.
• Risk-based approach to security to prioritize key initiatives and determine AI value over traditional rules/heuristics.
• Knowledge of current security landscape: cloud security, identity and access, SaaS security, endpoint security, data security, insider risk.
• Automation-first mindset: CI/CD, infrastructure as code, detections as code.

Minimum Qualifications

• Experience with development in high-level programming language (Go, Python, etc.), applied to data-heavy, automation, or AI-related projects.
• Experience handling data programmatically (SQL, Python, etc.), including large-scale log and telemetry datasets.
• Experience writing production code including unit tests, version control, and CI/CD integration.
• Experience with at least one major cloud provider (AWS, Azure, GCP) and its logging, monitoring, security services.
• Familiarity with SaaS and workstation risks (account compromise, data exfiltration, phishing, supply chain attacks).

Preferred Qualifications

• Computer Science degree or equivalent.
• Infrastructure as code (Terraform, CloudFormation), detections as code frameworks.
• Production-level software for high-volume data streams (logging, metrics, traces) or security analytics.
• Deploying detections at global scale.
• Experience with Snowflake or equivalent cloud data platforms, data pipelines, security workloads.