Security Engineer 4

6 - 10 years


Posted: 2 weeks ago | Platform: Shine


Work Mode

On-site

Job Type

Full Time

Job Description

As a Security Researcher, your role will involve the following key responsibilities:

- Conduct security research and threat modeling, including investigating emerging TTPs, business-logic abuse patterns, and identity/OAuth attack paths.
- Develop and maintain adversary playbooks aligned with the MITRE ATT&CK framework and drive coverage roadmaps.
- Implement detection engineering by creating high-quality detections using tools such as Sigma, KQL, SPL, OSQuery, and eBPF, versioned as code with CI/CD practices.
- Instrument cloud/SaaS telemetry pipelines and reduce noise through tuning, suppression, and risk scoring.
- Use AI-assisted analytics for anomaly detection, clustering, and outlier triage, and prototype LLM/RAG assistants for playbook generation, enrichment, and hypothesis-driven hunts.
- Collaborate with data teams to operationalize models with feedback loops and track precision/recall metrics.
- Integrate threat intelligence by building ingestion/enrichment pipelines for TIPs, OSINT, ISACs, and vendor feeds, and normalize IOCs/TTPs.
- Correlate threat intelligence with detections and hunts to drive proactive hardening and hypothesis creation.
- Implement proactive controls such as authorization hardening, rate limits, and WAF rules, and automate response through SOAR/runbooks to reduce MTTD/MTTR.
- Take ownership of coverage and efficacy KPIs, including FPR/FNR, time-to-detect, time-to-close, and alert fatigue metrics.
- Conduct post-incident detection reviews and continuously enhance the detection catalog.

Qualifications required for this role include:

- 5-8+ years of experience in security engineering, detection engineering, or threat research for cloud/SaaS environments.
- Applied experience in AI/ML for security, including feature engineering, anomaly detection, and basic model evaluation.
- Proficiency in writing detection content with Sigma, KQL, SPL, OSQuery, and eBPF, along with detection-as-code practices such as Git, tests, and CI/CD.
- Demonstrated experience in threat hunting at scale through hypothesis-led and telemetry-driven methods.
- Hands-on experience with SIEM/SOAR platforms and cloud-native telemetry sources (e.g., AWS, GCP, Azure, Kubernetes, API logs).
- Strong programming skills in Python and Go for automation and data wrangling, plus proficiency in SQL.
- Familiarity with the MITRE ATT&CK framework, adversary emulation, and identity-centric threats involving SSO, OIDC, and OAuth.

Preferred qualifications include:

- Experience in building threat intelligence pipelines and TIP integrations, and in mapping intelligence to detections, hunts, and playbooks.
- Ability to tune detections to reduce false positives without compromising recall, and to implement risk-based alerting strategies.

Oracle

Information Technology

Redwood City
