Security Engineer – Threat Detection
Company: Klaviyo
Location: Boston, MA, USA
Salary: $120000 – $180000
Type: Full-Time
Degrees:
Experience Level: Mid Level

Requirements

  • 3+ years of security experience in modern cloud environments
  • Hands-on experience in detection engineering using SPL and/or SQL
  • Hands-on experience with SIEM and centralized logging (e.g., Splunk, Snowflake)
  • Strong coding skills to build/automate (e.g., Python, Go)
  • Experience with detection-as-code and/or securely deploying code via a CI/CD pipeline
  • Strong understanding of tactics, techniques, and procedures used by threat actors
  • Experience with threat modeling or attack path analysis to drive detection use cases
  • Knowledge of system fundamentals, OS internals, and file systems for Linux and macOS
  • Knowledge of network security fundamentals and application in a cloud-first environment
  • Automation-first approach to detection and response work
  • Team player with a strong, self-managing work ethic

Responsibilities

  • Develop, test, and deploy high fidelity signature and anomaly (DS/ML) based detections
  • Conduct TTP-based threat models or attack path analysis to drive detection use cases
  • Detect threats leveraging solutions such as SIEM, data lake, and cloud platforms
  • Automate and codify detection and response processes and playbooks
  • Build threat detection systems, tools, integrations and automations
  • Configure and optimize detection and response technologies (e.g., SIEM, EDR, IDS/IPS)
  • Support threat response efforts and conduct ad-hoc threat hunts
  • Support log data onboarding into the data lake and/or SIEM
  • Collaborate across teams (site, product, engineering, IT) to understand Klaviyo environments and drive threat detection use cases

Preferred Qualifications

  • Experience creating detections for Okta, Salesforce, and Google Workspace is a plus
  • Experience securing cloud environments such as AWS, GCP, and/or Azure