Location: Kansas City, MO, USA or Scottsdale, AZ, USA
Level: Mid Level / Senior
Responsibilities
- Author, tune, and maintain detection rules and threat content across Google SecOps and Microsoft Sentinel.
- Build and validate log parsers for new data sources integrated into customer environments.
- Develop and maintain SOAR playbooks, automation workflows, and dashboards for operational use cases.
- Build Cloud Run functions, scripts, and API integrations where native connectors do not exist.
- Collaborate with Deployment Engineers to ensure content readiness for new customer go-lives.
- Monitor detection coverage gaps and proactively develop content to address them.
- Incorporate threat intelligence and adversary TTPs into detection logic.
- Train customers on detection content, dashboards, and platform capabilities.
- Document all content with clear metadata, use cases, and tuning notes.
- Support AI-assisted content generation workflows with human review.
Requirements
- 3+ years in detection engineering, content engineering, or security operations.
- Strong proficiency in SIEM detection rule development, such as YARA-L or KQL.
- Experience building and maintaining SOAR playbooks and automation workflows.
- Proficiency with log parser development for diverse data sources.
- Knowledge of the MITRE ATT&CK framework and its application to detection content.
- Experience with Python, Cloud Run functions, and REST API integrations.
- Experience building security dashboards for operational use cases.
- Understanding of threat intelligence and actionable detection logic.
Benefits
- Opportunity to work with cutting-edge AI-driven cybersecurity technologies.
- Collaborate with a talented and innovative team focused on improving security operations.
- Competitive salary and benefits package.
- Culture of growth and development with opportunities to expand expertise.
- Be part of building a new organization focused on enterprise security delivery.
