Sr Cloud Detection Engineer

About The Position

Requirements

• 5+ years of experience in cybersecurity with a focus on cloud detection engineering.
• Typically a bachelor's degree or equivalent experience.
• Advanced technical and functional subject matter expert knowledge across security domains.
• Deep understanding of AWS, Azure, and GCP security services and logging (e.g., CloudTrail, Azure Activity Logs, GCP Audit Logs).
• Hands-on experience with container orchestration platforms and security tools (e.g., Falco, Sysdig, Aqua, Prisma Cloud).
• Proficiency in writing detection rules using Sigma, KQL, SPL, or similar query languages.
• Familiarity with MITRE ATT&CK Framework and its cloud matrix.
• Experience with SIEM/XDR platforms (e.g., Splunk, Sentinel, Chronicle, Elastic).
• Strong scripting skills (Python, PowerShell, Bash) for automation and enrichment.

Nice To Haves

• Certifications such as AWS Certified Security - Specialty, Azure Security Engineer Associate, or GCP Professional Cloud Security Engineer.
• Experience with Infrastructure-as-Code (IaC) and CI/CD pipeline security.
• Exposure to threat modeling and adversary emulation in cloud environments.
• Understanding of AI/ML threat models, including adversarial machine learning, model inversion, data poisoning, and evasion techniques.
• Experience securing ML pipelines and infrastructure, including model training, deployment, and monitoring stages.
• Familiarity with AI-specific logging and telemetry, such as model inference logs, feature drift, and anomaly detection.
• Ability to develop detections for AI misuse or abuse scenarios, including prompt injection, unauthorized model access, and synthetic identity generation.
• Knowledge of AI governance and compliance frameworks, including NIST AI RMF, EU AI Act, and emerging standards.
• Collaboration with data science and ML engineering teams to ensure secure model development and deployment practices.

Responsibilities

• Design and implement detection logic for cloud-native threats across AWS, Azure, and GCP.
• Develop and maintain container security detections (e.g., Kubernetes, Docker, EKS, AKS, GKE).
• Integrate detections into SIEM and XDR platforms, ensuring high fidelity and low noise.
• Collaborate with CTI and Threat Hunting teams to operationalize threat intelligence into detection use cases.
• Conduct gap analysis and contribute to visibility improvement initiatives.
• Participate in purple team exercises and breach & attack simulations to validate detection coverage.
• Provide technical mentorship to junior engineers and contribute to detection engineering standards.

Benefits

• Healthcare (medical, dental, vision)
• Basic term and optional term life insurance
• Short-term and long-term disability
• Pregnancy disability and parental leave
• 401(k) and employer-funded retirement plan
• Paid vacation (from two to five weeks depending on salary grade and tenure)
• Up to 11 paid holiday opportunities
• Adoption assistance
• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law