Senior Security Engineer – Detection Engineering
| Field | Value |
|---|---|
| Company | SpyCloud |
| Location | Austin, TX, USA |
| Salary | Not provided |
| Type | Full-Time |
| Degrees | |
| Experience Level | Senior |
## Requirements
- 5+ years of full-time experience working in a security engineering role with a focus on detection engineering, incident response and/or threat hunting
- Demonstrated proficiency developing tools and automations with an object-oriented language, with a preference for Python
- Deep expertise using and administering Splunk Cloud or Splunk Enterprise and Splunk Enterprise Security
- Experience securing and performing threat detection and/or security engineering activities in Amazon Web Services
- Experience designing and operating cloud infrastructure using infrastructure-as-code principles
## Responsibilities
- Develop and fine-tune threat detections and response runbooks covering SpyCloud’s products, cloud infrastructure, SaaS services, and corporate systems
- Perform strategic data collection, onboarding, and enrichment of new data sources from SpyCloud’s applications, SaaS services, third-party APIs, and threat intelligence platforms
- Ensure logging, detection, and response processes align with industry standards (MITRE ATT&CK, NIST, CIS, etc.)
- Participate in incident response efforts, including triage, containment, eradication, and recovery for security incidents
- Conduct threat hunting activities to proactively identify threats and attack vectors in our environments and integrate findings into security controls
- Work closely with IT, DevOps, and engineering teams to improve security monitoring coverage and align detection coverage with business goals
- Conduct knowledge-sharing sessions and training to help maintain our high team standards and culture of continuous learning
- Drive architectural and design decisions for SpyCloud’s security infrastructure and platforms
- Drive continuous improvement of processes, procedures, and tools used across the security engineering organization
- Automate and optimize workflows to improve the speed and accuracy of our detection and response efforts
## Preferred Qualifications
- Experience leveraging Cribl Stream and Cribl Edge for optimized log collection and threat intelligence enrichment
- Prior experience with Detection as Code workflows and unit testing of detection rules