CrowdStrike

Principal Engineer, Cloud Content

full-time

Location Type: Hybrid

Location: Austin, New York, Texas, United States

Salary

💰 $195,000 - $290,000 per year

About the role

  • Architect, build, and optimize cloud detection pipelines: telemetry ingestion, log processing, alerting, detection-as-code workflows, and automated analysis frameworks.
  • Develop advanced detections for cloud-native threats: IAM misconfigurations, lateral movement across cloud services, runtime/container attacks, serverless abuse, data-exfiltration patterns, persistence mechanisms, and cloud control-plane manipulation.
  • Lead cloud threat research: track emergent attacker tradecraft, cloud-native TTPs, abuse of managed services, supply-chain risks, ephemeral compute patterns, and multi-cloud attack surfaces.
  • Conduct advanced investigations involving cloud logs, control-plane events, network telemetry, and container/runtime signals.
  • Collaborate deeply with cloud engineering, platform teams, and DevOps to embed telemetry early in design — instrumentation, log generation, audit events, and detection hooks across cloud services.
  • Recommend and drive enhancements to cloud observability and detection coverage, backed by analysis of gaps, adversary opportunities, and telemetry blind spots.
  • Influence architectural decisions and strategic initiatives through data, technical depth, and adversary-focused perspectives.
  • Mentor other detection engineers by setting standards for detection logic, code quality, cloud telemetry hygiene, and investigation methodology.

Requirements

  • 8 to 15+ years of experience in cloud threat detection, cloud security engineering, incident response, threat hunting, or equivalent.
  • Strong expertise with AWS and at least one of Azure or GCP; deep knowledge of cloud control-plane events, service logs, runtime/container ecosystems, and network architectures.
  • Proven ability to design and deliver high-fidelity cloud detections in large-scale environments, with understanding of FP/FN trade-offs and detection-as-code methodologies.
  • Strong engineering ability: Python, Go, or equivalent languages; familiarity with CI/CD, infrastructure-as-code, and cloud automation.
  • Demonstrated ability to lead complex cloud investigations and turn findings into durable detection logic.
  • Strong understanding of cloud threat models: identity-based attacks, misconfiguration abuse, boundary-less lateral movement, data-exfiltration paths, and cloud service exploitation.
  • Ability to influence platform teams, propose architectural improvements, and advocate for telemetry and detection requirements with clear rationale and evidence.

Benefits

  • Market leader in compensation and equity awards
  • Comprehensive physical and mental wellness programs
  • Competitive vacation and holidays for recharge
  • Paid parental and adoption leaves
  • Professional development opportunities for all employees regardless of level or role
  • Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
  • Vibrant office culture with world class amenities
  • Great Place to Work Certified™ across the globe

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

  • cloud threat detection, cloud security engineering, incident response, threat hunting, AWS, Azure, GCP, Python, Go, detection-as-code

Soft Skills

  • leadership, mentoring, collaboration, influence, communication, analytical thinking, problem-solving, strategic thinking, technical depth, advocacy