Threat Detection & Automation Engineer

About The Position

Requirements

• 8+ years of experience in cybersecurity engineering, security operations, or detection engineering, including building and maintaining detections for enterprise security environments.
• 8+ years of experience developing and tuning detections using security information and event management (SIEM) technologies, security orchestration, automation, and response (SOAR) platforms, and correlated rule logic for complex threat scenarios.
• 8+ years of experience scripting and automation development using Python, SQL, PowerShell, Bash, or similar languages to support integrations, telemetry processing, and response workflows.
• 8+ years of experience working with cybersecurity technologies such as endpoint detection and response (EDR), intrusion detection system or network detection and response (IDS/NDR), user and entity behavior analytics (UEBA), data loss prevention (DLP), web application firewall (WAF), proxy technologies, and cloud security services.
• Experience designing and supporting API integrations using representational state transfer (REST), JavaScript Object Notation (JSON), webhooks, OAuth, service accounts, and event-driven messaging patterns with measurable reliability and observability outcomes.
• Experience applying MITRE ATT&CK, detection coverage analysis, telemetry mapping, dashboard development, and threat reporting to improve cyber detection quality and operational awareness.
• Bachelor's degree in cybersecurity, computer science, information technology, engineering, or a related field, or equivalent combination of education, related experience and/or military experience.

Nice To Haves

• Experience with Google SecOps in enterprise-scale detection engineering or security operations environments.
• Experience applying artificial intelligence, machine learning, feature engineering, prompt engineering, and AI-assisted coding to cybersecurity analytics, enrichment, or automation use cases.
• Experience with infrastructure as code, continuous integration and continuous delivery (CI/CD), Git-based workflows, and platform automation using tools such as Terraform.
• Industry certifications such as GIAC Certified Incident Handler, GIAC Security Operations Certified, GIAC Certified Intrusion Analyst, GIAC Penetration Tester, GIAC Defending Advanced Threats, or equivalent certification.

Responsibilities

• Research adversarial techniques and translate threat behaviors into high-fidelity detections aligned to complex cybersecurity use cases.
• Design, build, and operate production-grade security detection infrastructure across Google SecOps and internal automation applications that support enrichment, orchestration, and response workflows.
• Lead telemetry and detection lifecycles, including source onboarding, parsing, normalization, enrichment, testing, deployment, tuning, and ongoing maintenance.
• Develop custom integrations, automations, and lightweight services using application programming interfaces (APIs), webhooks, and event-driven patterns to improve signal fidelity and reduce mean time to detect and mean time to respond.
• Create dashboards, metrics, and reports using business intelligence tools, structured query language (SQL), statistical analysis, and applied artificial intelligence and machine learning techniques to improve threat visibility and operational reporting.
• Apply Python, prompt-driven workflows, model context protocol (MCP) capabilities, and agent-to-agent orchestration patterns to support detection engineering, enrichment, and analytic decision support.
• Collaborate with threat intelligence, threat hunters, incident responders, red team, and engineering partners to evaluate detection coverage gaps and improve defensive capabilities.
• Manage work through Agile practices, documenting requirements, tracking delivery, and maintaining reliable platform operations across hybrid environments.

Benefits

• Fuel Your Life program to support your physical, financial, social, and emotional well-being.
• Paid holidays and generous time away policies.
• No-cost mental health support through Employee Assistance Programs.
• Living Proof program to recognize your peers’ extra effort with points redeemable for rewards.
• Eight Employee Resource Groups to foster a collaborative culture and expand your network.
• Unparalleled professional growth with training, development, and internal mobility opportunities.
• Medical, dental, vision, life, and disability insurance options available from day one.
• Retirement planning including 401k match and discounted shares with the Employee Stock Purchase Plan.
• Tuition assistance and reimbursement program.
• Paid parental and military leave.