Security Engineer, Detection Engineering
Posted Mar 12
at Saronic
Austin, United States (On-site)
Responsibilities
- Design, build, test, and tune high-fidelity detection rules and analytic queries across endpoint, cloud, network, identity, and DLP telemetry sources
- Develop and maintain detection content using detection-as-code practices including version-controlled logic, automated testing, and CI/CD deployment
- Map detection coverage to MITRE ATT&CK, identify gaps, and prioritize new detection development based on threat intelligence and business risk
- Engineer correlation rules, behavioral
Requirements
We're seeking a Security Engineer at the senior level or above on our Security Operations team with strong detection engineering experience.

- Experience in detection engineering, security operations, security automation, or a closely related security engineering role
- Demonstrated experience designing, testing, and tuning detection rules and analytic queries across production security telemetry (endpoint, cloud, network, identity, or DLP)
- Hands-on experience with SIEM platforms and proficiency with query languages such as SPL, KQL, or equivalent
- Experience building and operating security data pipelines, including log ingestion, normalization, enrichment, and data quality management
- Understanding of data engineering concepts including ETL pipelines, data modeling, schema design, and indexing as applied to security telemetry
- Hands-on coding experience in Python, PowerShell, Go, or Rust for security automation, detection tooling, or pipeline development, and familiarity with Terraform for managing detection and logging infrastructure as code
- Understanding of the MITRE ATT&CK framework and its application to detection coverage and gap analysis
- Ability to obtain and maintain a security clearance

Preferred Qualifications
- Experience in defense, aerospace, robotics, autonomy, or other high-assurance environments
- Experience with EDR platforms including custom detection rule creation and telemetry analysis
- Experience with cloud-native detection in AWS and Microsoft 365/Azure
- Experience using Terraform to deploy and manage security monitoring infrastructure, log pipeline components, or cloud-native security service configurations
- Hands-on experience with incident response, threat hunting, or adversary emulation
- Exposure to embedded Linux, operational technology, or ICS telemetry and detection
- Familiarity with NIST SP 800-171, NIST SP 800-53, or CMMC and their logging and monitoring