Ireland
15 hours ago
Security Engineer 4

We are seeking a Detection Engineer to enhance our SaaS cloud security posture by developing, optimizing, and automating threat detection and response capabilities. This role involves designing and implementing detection-as-code, leveraging cloud-native security tools, and collaborating with security operations and engineering teams to identify, analyze, and mitigate cyber threats at cloud scale. The ideal candidate will have a strong background in cloud security, threat detection, and automation, with a deep understanding of SaaS-specific attack vectors.

Key Responsibilities

Detection Development & Automation:
- Develop and implement high-fidelity detection rules using detection-as-code methodologies.
- Leverage SIEMs, XDR platforms, and cloud-native security services to create effective detections.
- Automate detection deployment, tuning, and maintenance.

Threat Hunting & Incident Response:
- Conduct proactive threat hunting based on MITRE ATT&CK techniques, TTPs, and threat intelligence.
- Work closely with SOC analysts, IR teams, and Red Teams to refine detection logic and improve response processes.

Log Management & Data Engineering:
- Identify, collect, and normalize security telemetry.
- Optimize log ingestion and parsing strategies for efficient threat detection.

Threat Intelligence & Detection Optimization:
- Integrate threat intelligence feeds into detection workflows to improve alert accuracy.
- Continuously fine-tune detections to reduce false positives while maximizing coverage against emerging threats.
- Conduct proactive security research to stay ahead of evolving attack techniques in SaaS environments.

Minimum Qualifications
- 3+ years of experience in security engineering, threat detection, or incident response, with a focus on cloud environments.
- Proficiency in detection-as-code, utilizing tools like Sigma, OpenSearch, KQL, or Splunk SPL.
- Strong knowledge of SaaS security challenges and cloud security frameworks (e.g., CIS, NIST, MITRE ATT&CK).
- Experience working with SIEM, SOAR, XDR, and cloud-native security tools.
- Hands-on experience with log analysis, threat intelligence, and detection engineering in cloud-first environments.
- Scripting and automation skills in Python, PowerShell, or Bash.
- Familiarity with container security (Kubernetes, Docker).
- Ability to work in high-scale SaaS environments and design efficient, automated detection workflows.

Preferred Qualifications
- Experience with detection engineering, SOC operations, threat hunting, or digital forensics.
- Knowledge of detection frameworks (Sigma, YARA, or custom ML-based detections).
- Familiarity with Terraform or other IaC tools for security automation.
- Experience developing security detections for API-driven applications and microservices.
- Cloud security certifications (e.g., AWS Security Specialty, GCP Security Engineer, Azure Security Engineer, GIAC GCDA/GCFA).

Career Level - IC4
