Threat Detection Engineer

Develop and optimize high-fidelity threat detections across SIEM/SOAR platforms using Python, SQL, and AI/ML techniques. Focus on LLM-assisted workflows, AI-specific threat detection, and infrastructure-as-code for scalable security operations.

113k – 140k | Mountain View, CA | Security Engineering | Onsite | 2+ YOE

About the role

Key Responsibilities

  • Design and implement detection logic across SIEM/SOAR platforms, including Splunk, Google Chronicle (SecOps), and Elastic/Logstash.
  • Build scalable detection rules, analytics, and anomaly models to detect adversary TTPs aligned with MITRE ATT&CK.
  • Develop and maintain detection-as-code using Python and YAML-based rule formats (e.g., Sigma, YARA-L, Kusto, or Lucene).
  • Design and evaluate LLM-assisted detection and triage workflows, including prompt engineering for alert enrichment, summarization, and classification.
  • Build and maintain AI-augmented detection pipelines: anomaly scoring, embedding-based similarity search, natural language parsing for phishing and social engineering detection, and LLM-based log analysis.
  • Apply AI security literacy to identify and detect risks in AI-integrated environments, including prompt injection, model abuse, data exfiltration via LLMs, and shadow AI usage.
  • Perform quality assurance and validation of alerts — including AI-generated signals — to minimize false positives and increase signal fidelity.
  • Leverage Snowflake and SQL to normalize and query large datasets across multiple telemetry sources, including AI system logs and API call records.
  • Contribute to infrastructure-as-code workflows for detection deployment (e.g., Terraform, GitOps pipelines).
  • Collaborate with Threat Intelligence and IR teams to translate threat actor TTPs — including those targeting AI systems — into actionable detections.
  • Participate in detection tuning, red/blue team exercises, and post-incident reviews, including adversarial testing of AI-assisted detection logic.
  • Maintain availability for 24x7 on-call rotation and ensure timely response to security incidents during standard EST business hours.

Required Qualifications

  • 2-4 years in a security engineering or other relevant security operations role.
  • Proficiency with Splunk, Elastic Stack, Google SecOps (Chronicle), and/or Logstash.
  • Strong programming or scripting experience in Python and SQL.
  • Working experience authoring detection logic using YARA-L, Sigma, or equivalent formats.
  • Demonstrated AI literacy: hands-on experience using LLM APIs (e.g., OpenAI, Anthropic, Google Gemini) or AI/ML frameworks for security use cases, including prompt engineering, retrieval-augmented generation (RAG), or agentic workflows.
  • Understanding of AI/ML concepts relevant to detection: anomaly detection, clustering, embedding models, LLM-based enrichment, and the limitations and failure modes of these approaches.
  • Ability to assess and detect AI-specific threats: prompt injection, model inversion, training data poisoning, and LLM-facilitated social engineering.
  • Experience working with cloud-scale security data and log management tools.
  • Familiarity with MITRE ATT&CK, threat modeling, and behavioral-based detections.
  • Knowledge of Infrastructure-as-Code (IaC) and version control systems (e.g., GitHub, Terraform, GitLab CI/CD).

Preferred Qualifications

  • Industry security certifications such as GCIA, GCIH, GCFA, Security+, or AI/ML security credentials.
  • Experience with Google Cloud Platform (GCP) and Google Kubernetes Engine (GKE), including GKE security posture management, audit logging, and cloud-native workload monitoring.
  • Experience building or operating SOAR integrations with LLM-assisted triage or response recommendations.
  • Hands-on experience with agentic AI frameworks (e.g., LangChain, LlamaIndex, or custom tool-use pipelines) applied to security automation.
  • Familiarity with Snowflake's Security Data Lake or cloud-native log pipelines, including telemetry from AI platforms (e.g., OpenAI API logs, Azure AI services).
  • Exposure to red team/blue team collaboration, threat hunting, or adversary emulation frameworks, with emphasis on AI-enabled attack scenarios.
  • Experience red-teaming or evaluating LLM-based systems for security weaknesses.
  • Contributions to open-source detection or AI security tooling projects.

Compensation & Benefits

  • Comprehensive medical, dental, vision, health savings account, flexible spending accounts (medical, limited purpose, dependent care, commuter benefit accounts), basic and voluntary life and AD&D insurance, 401(k) with company match, parental leave, unlimited paid time off subject to the terms and conditions of the PTO policy, including 8 company wide holidays, short and long-term disability insurance, accident and critical illness insurance, referral bonus policy, employee assistance program, pet insurance, travel assistant program, wellbeing and childcare discounts, benefit advocates, and a learning and development benefit.

Skills

Splunk, Elastic Stack, Google SecOps, Python, SQL, YARA-L, Sigma, Terraform, Git, MITRE ATT&CK, LLM APIs, RAG, Anomaly Detection, Snowflake

Security Engineer

Security Engineer responsible for implementing security controls, building automation workflows, and embedding security into SDLC and cloud infrastructure. Requires 2-4 years of cybersecurity or cloud security experience.

114k – 149k | Denver, CO | Security Engineering | Hybrid | 2+ YOE | IAM | SCA

SecOps Engineer

SecOps Engineer building automated response mechanisms, triaging alerts, hunting threats, and supporting incident response with AI and SOAR tools. Requires strong logging skills, Python, and Git experience in a security-focused environment.

112k – 155k | United States | Security Engineering | Remote | Entry level | Git | AWS

Product Security Engineer

Product Security Engineer II responsible for leading threat modeling, triaging CNAPP findings, contributing to SDLC tooling, and partnering with engineering teams to embed security practices. Requires 2-4 years in security roles with strong cloud security and AI tooling experience.

116k – 187k | California +7 | Security Engineering | Remote | 2+ YOE | SCA | SAST

Security Analyst II

Security Analyst managing SecOps/SOC, threat monitoring, incident response, and log analysis using Wiz, Datadog, SQL across Kubernetes/AWS. Builds automated security controls with Python/Go/TypeScript and leverages LLMs for analytics; requires 2+ years SOC experience.

117k – 130k | United States | Security Engineering | Remote | 2+ YOE | Go | Wiz

Security Analyst

The Security Analyst will operate and scale security across the organization, supporting core security workflows such as phishing response, bug bounty operations, access governance, and operational security hygiene. This is a hands-on, cross-functional role offering broad exposure across security operations, access governance, and threat response.

120k – 180k | United States | Security Engineering | Remote | 2+ YOE | IAM | Web3