Senior Security Engineer - Threat Intelligence & Detection Engineering (Hybrid - Seattle)

About The Position

Requirements

• 4+ years of professional experience in detection engineering, threat intelligence, SOC/IR, threat hunting, or security automation
• Demonstrated proficiency writing detection logic in at least one enterprise SIEM or XDR platform; CrowdStrike NG-SIEM (LogScale/CQL) experience strongly preferred
• Working knowledge of MITRE ATT&CK at the technique and sub-technique level; ability to map adversary behaviors to telemetry sources and detection logic
• Hands-on experience with EDR analysis, behavioral anomaly detection, and investigation of post-exploitation activity
• Hands-on experience with hypothesis-driven threat hunting; ability to document and execute an end-to-end hunt
• Scripting proficiency in Python and/or PowerShell for automation, log parsing, or investigative tooling
• Experience contributing to incident response for malware incidents, identity-based attacks, or insider threats
• Strong written communication skills; ability to produce clear, actionable documentation, detection rationale, and intelligence products
• Bachelor’s degree in Computer Science, Information Security, or related field, or equivalent professional experience

Nice To Haves

• Familiarity with identity attack patterns including AiTM, MFA fatigue, session hijacking, token replay, and adversarial abuse of SSO and federated identity platforms
• Experience with enterprise email security platforms and email-based threat detection including phishing, BEC, and malicious delivery mechanisms
• Exposure to SOAR platforms and workflow automation (CrowdStrike Fusion or equivalent)
• Experience with threat intelligence platforms (MISP, ThreatConnect, Recorded Future) and structured intel formats (STIX/TAXII)
• Knowledge of detection-as-code practices, version control (Git), and CI/CD integration for detection deployment
• Experience with cloud security telemetry (Azure, AWS) and cloud-native attack detection
• Demonstrated use of AI tools to accelerate detection development, security operations, or threat research
• Intermediate or advanced certifications such as GIAC GCIA, GCIH, GCTI, GDAT, or equivalent

Responsibilities

• Design, develop, and maintain high-fidelity detection rules in CrowdStrike NG-SIEM (LogScale/CQL) across endpoint, email, identity, network, and cloud domains
• Operationalize the full detection lifecycle: threat modeling, logic development, empirical testing, deployment, tuning, and retirement
• Build detection content aligned to MITRE ATT&CK, threat actor TTPs, and internal threat model priorities
• Translate threat intelligence findings, incident post-mortems, and hunt discoveries into durable detection logic
• Enforce detection engineering standards including taxonomy, quality criteria, and review processes
• Collect, analyze, and operationalize tactical and technical threat intelligence from open-source, commercial, and internal sources
• Produce actionable intelligence products including threat actor profiles, TTP summaries, and IOC packages that directly inform detection priorities and hunting hypotheses
• Monitor threat actor campaigns targeting retail and e-commerce environments across email, endpoint, identity, supply chain, and insider risk vectors
• Collaborate with CSIRT and SOC to enrich active investigations with adversary context
• Apply AI-assisted tooling to accelerate intelligence processing, IOC enrichment, and adversary research
• Design and execute hypothesis-driven threat hunts across endpoint, email, identity, network, and cloud telemetry
• Apply structured hunting methodologies (MITRE ATT&CK-based, data-driven, indicator-based) to surface undetected adversary activity
• Document hunt outcomes—including negative results—and feed confirmed patterns back into the detection library
• Maintain visibility into coverage gaps and drive new hunt-to-detect cycles to close them
• Provide technical escalation support for complex incidents involving identity compromise, endpoint intrusion, lateral movement, and data exfiltration
• Conduct targeted forensic and log-based analysis during active investigations, contributing to root cause determination and containment decisions
• Develop and maintain investigation runbooks and analyst guidance to improve SOC response fidelity
• Translate post-incident lessons learned into detection and hunting improvements
• Build and maintain automation that accelerates detection deployment, alert triage, case enrichment, and threat intel processing
• Develop integrations between SIEM, EDR, email security, SOAR, and threat intelligence platforms to reduce analyst toil
• Apply scripting (Python, PowerShell) to operationalize repetitive workflows including IOC ingest, log parsing, and detection validation
• Leverage AI and machine learning tools to improve detection quality, reduce false positive rates, and accelerate triage
• Mentor less experienced team members through code review, knowledge transfer, and structured guidance
• Partner with SOC, IAM, Platform Engineering, Email Security, and Cloud teams to ensure telemetry quality and detection coverage
• Contribute to cross-functional initiatives including purple team exercises, tabletop scenarios, and platform migration readiness

Benefits

• Medical/Vision
• Dental
• Retirement
• Paid Time Away
• Life Insurance
• Disability
• Merchandise Discount
• EAP Resources
• 401k
• medical/vision/dental/life/disability insurance options
• PTO accruals
• Holidays