As a skilled security engineer, you will play a key role in designing and operating a modern detection pipeline integrated with security automation workflows. You will use your expertise in Python and structured data to map adversary behaviors and response logic to drive faster, more effective security outcomes.

This is a strategic contributor position focused on building and operating scalable systems to detect threats and trigger automated responses. You will integrate AI into detection and response workflows to accelerate rule development, streamline enrichment, and reduce investigation time, with human validation ensuring precision and alignment.

The scale and complexity of the telemetry demand improved detection engineering and automation. You will work collaboratively with cross-functional teams to embed detection and response into system design, operational processes, and organizational priorities.

• Implement and operate detection systems, including scalable cloud-native SIEM platforms supporting ingestion from identity, endpoint, SaaS, and infrastructure sources.
• Develop and maintain detection coverage maps aligned to MITRE ATT&CK techniques, threat modeling, and incident history.
• Leverage AI to accelerate detection rule creation, enrichment, and triage insights, and conduct AI-assisted threat hunting to surface novel behaviors and codify them as deterministic detections.
• Build detection observability tools and dashboards to monitor rule effectiveness, alert volumes, and system performance.
• Design and implement SOAR workflows and automated response playbooks with built-in observability, rollback, and reliability controls.
• Leverage AI within SOAR for adaptive enrichment, workflow generation, and documentation, while continuously tuning automation based on incident outcomes.
• Lead incident response activities as part of the incident commander rotation, and drive continuous improvement of runbooks and playbooks using lessons learned and AI support for timelines and summaries.
• Collaborate cross-functionally with engineering and business stakeholders to embed detection and response into system design, operational processes, and organizational priorities.

• 5+ years in security engineering, detection engineering, or threat-focused automation roles.
• Strong knowledge of MITRE ATT&CK framework, detection logic, and IOC/IOA patterns.
• Familiarity with MITRE D3FEND for defense-in-depth and response playbook design.
• Hands-on experience designing, deploying, or managing SIEM platforms (vendor-neutral mindset preferred).
• Strong Python scripting skills for integrations, enrichment logic, and playbook development.
• Experience working with structured data formats such as JSON, YAML, logs, and metrics.
• Familiarity with SaaS logging constraints and cloud-native telemetry, preferably AWS.
• Understanding of event-driven architecture and API-driven integrations.
• Demonstrated ability to use AI tools to accelerate scripting, generate or translate detection rules, or assist with enrichment workflows, always with human validation for accuracy.
• Comfortable working autonomously and cross-functionally to deliver reliable detection outcomes.

• Experience building or maintaining detection pipelines using Elastic, Panther, or similar platforms.
• Experience with detection-as-code practices, managing detection logic as version-controlled code with testing and CI/CD.
• Experience writing detection rules in formats such as Sigma, including contributing to open-source or internal detection libraries.
• Experience with MITRE frameworks: ATT&CK (adversary techniques), D3FEND (defensive techniques), and ATLAS (AI-related attacks).