Senior Solutions Architect, CSP

Ocient Inc., Remote, USA
$170,000 - $280,000, Remote

About The Position

Ocient's data engine ingests and queries full-fidelity network and security telemetry at petabyte scale, retaining 12-24 months without sampling and querying it in seconds. This role is for a Network Infrastructure & Security Engineer who leads by doing. This is a builder role, not a figurehead or advisory position. You will be responsible for writing SQL-based detections, building datasets and demo environments for development and proof, and making decisions on network probe and data-collection strategy. You will work closely with the Practice Leader and the Solutions team, focusing on hands-on technical work.

Requirements

  • 5+ years in network security engineering, detection engineering, or SOC/threat hunting roles, with direct, hands-on experience building detection content.
  • Strong working experience with network telemetry: NetFlow/IPFIX, DNS logs, and PCAP analysis at scale.
  • Demonstrated experience writing detection logic or correlation content (Sigma rules, SIEM correlation rules, or custom SQL-based detections).
  • Proficiency in SQL and comfort working directly in large-scale data platforms or data warehouses.
  • Familiarity with network probe/sensor technologies (Gigamon, NetQuest, or open-source equivalents such as Zeek or Suricata) and their tradeoffs.
  • Solid understanding of the MITRE ATT&CK framework and behavioral/statistical anomaly detection methods.
  • Experience integrating detection output with SIEM/SOAR/EDR platforms (Splunk, Chronicle, Sentinel, CrowdStrike, SentinelOne, or similar).
  • Comfortable operating independently in a build-from-scratch, startup-within-a-company environment.

Nice To Haves

  • Experience with carrier-scale signaling protocols (Diameter, SS7) relevant to telecom security use cases.
  • Scripting/programming ability (Python) for automation, enrichment pipelines, and tooling.
  • Experience with cloud audit log analytics (AWS CloudTrail, Azure Activity Log, GCP Cloud Audit).
  • Experience with OT/ICS telemetry (Modbus, DNP3, IEC 61850) or protocols relevant to critical infrastructure.
  • Active security clearance, or eligibility to obtain one, for future government/defense engagements.

Responsibilities

  • Write detection logic: Design, write, and maintain SQL-based behavioral detections and anomaly-scoring logic using rolling 7/30/90-day baselines for various attack patterns.
  • Run the technical program day to day: Build, test, tune, and validate detections hands-on against real and simulated telemetry.
  • Build the datasets and demo environment: Generate underlying datasets needed to develop and showcase detections and use cases.
  • Make the work reusable: Build detection logic with approximately 90% reusability across supported industries.
  • Shape network probe & data collection strategy: Evaluate and help define the approach to high-volume network data capture, considering commercial and open-source alternatives.
  • Keep integrations clean: Ensure detections and enrichment output integrate cleanly with customers' existing SIEM/EDR stack.
  • Deliver during customer pilots: Provide hands-on technical delivery during customer proof-of-value pilots, including configuring ingestion, tuning baselines, and validating detections.
  • Document as you go: Write up detection logic, runbooks, and technical playbooks for maintainability and transferability.
© 2026 Teal Labs, Inc