Develop, tune, document, and maintain detection logic across multiple log sources including endpoint, cloud, container, and SaaS products.
Assist in cyber forensic investigations across a variety of log sources
Optimize log ingestion pipelines and telemetry collection to ensure high-quality, actionable security data while managing volume and cost
Design and build SOAR playbooks and automation workflows to streamline detection triage, enrichment, and response actions
Mentor junior security analysts and detection engineers on threat hunting methodologies, detection logic development, and investigation techniques

Requirements

5+ years of experience in a detection engineering, incident response, or offensive security role.
Experience with 1 or more public cloud platforms (AWS, Azure, GCP)
Deep understanding of attacker TTPs across modern zero trust environments, including identity compromise, token theft, and abuse of trust boundaries
Proficient understanding of macOS internals and telemetry available to identify macOS specific threats
Experience implementing detection-as-code workflows including version control, peer review processes, automated testing, and CI/CD deployment pipelines
Basic proficiency with Python, Golang, or other programming languages
Relevant certifications: GCFA, GCFE, GNFA, GREM, OSCP, GCIA, or similar.
Background in offensive security or red teaming (preferred)
Knowledge of machine learning for threat detection (preferred)

Benefits

Competitive salary
New hire equity grant
Annual refresh grants

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

detection engineeringincident responseoffensive securitylog ingestion pipelinestelemetry collectionSOAR playbooksautomation workflowsdetection-as-codePythonGolang

Soft Skills

mentoringcommunicationcollaborationproblem-solvingleadership

Certifications

GCFAGCFEGNFAGREMOSCPGCIA