Security Engineer M/F
Role details
Job location
Tech stack
Job description
endpoint-based detections (event logs, EDR telemetry, memory/file artifacts) across Windows, Linux, and macOS Collaborate with IR, SOC, and offensive security teams to validate and refine detections based on real-world incidents and red team exercises Build data pipelines, automation, and tooling that enable detection-as-code practices and scalable deployment Lead projects, mentor teammates, and champion quality standards within the team 5+ years of experience in detection engineering, threat hunting, or security operations ~ Demonstrated experience writing detection logic in modern SIEM platforms (e.g., Splunk, Chronicle, Elastic, CrowdStrike NG-SIEM, Panther, Microsoft Sentinel) ~ Experience developing network-based and endpoint-based detections across multiple OS platforms (Windows, Linux, macOS) ~ Experience analyzing telemetry across endpoint, network, cloud (AWS/GCP/Azure), identity, and application log sources ~ Proficiency in detection/query languages (SPL, KQL, EQL, YARA-L
Requirements
SQL) and programming (Python or similar) ~ Background in malware analysis, reverse engineering, or threat research Experience with purple team operations - collaborating with offensive security to validate detections Familiarity with big data platforms (Databricks, Trino, PySpark) for large-scale log analysis Proficiency with AI/LLM-assisted development tools (Claude Code, Cursor, GitHub Copilot) applied to detection workflows Experience with detection validation tools (Atomic Red Team, ATT&CK Evaluations) Contributions to open-source detection content, research, or conference presentations Relevant certifications such as HTB CDSA, GCIH, GCFA, GNFA, OSCP, TCM PMAT, or GREM Linux, SIEM, Malware Analysis, Reverse Engineering, MITRE ATT&CK