Job
Description
Senior Detection Engineer / Threat Hunter Overview The next evolution of AI-powered cyber defense is here. With the rise of cloud and modern technologies, organizations struggle with the vast amount of data and thereby security alerts generated by their existing security tools. Cyberattacks continue to get more sophisticated and harder to detect in the sea of alerts and false positives. According to the Forrester 2023 Enterprise Breach Benchmark Report, a security breach costs organizations an average of $3M and takes organizations over 200 days to investigate and respond. AiStrike’s platform aims to reduce the time to investigate and respond to threats by over 90%. Our approach is to leverage the power of AI and machine learning to adopt an attacker mindset to prioritize and automate cyber threat investigation and response. The platform reduces alerts by 100:5 and provides detailed context and link analysis capabilities to investigate the alert. The platform also provides collaborative workflow and no code automation to cut down the time to respond to threats significantly. We’re seeking a senior-level Detection Engineer and Threat Hunter with deep expertise in modern SIEMs and a strong focus on AI-augmented threat detection and investigation. In this role, you’ll design scalable, modular detection content using Sigma, KQL, and platform-specific query languages — while working with AI to automate detection tuning, threat hunting hypotheses, and investigation workflows across enterprise and cloud environments. Key Responsibilities Develop high-fidelity, AI-ready detection templates to build detection rules in Sigma, KQL, SPL, Lucene, etc., for Microsoft Sentinel, Chronicle, Splunk, and Elastic. Leverage AI-powered engines to prioritize, cluster, and tune detection content dynamically based on environment behavior and telemetry changes. Identify visibility and data coverage gaps across cloud, identity, EDR, and SaaS log sources; work cross-functionally to close them. Lead proactive threat hunts driven by AI-assisted hypotheses, anomaly detection, and known threat actor TTPs. Contribute to AI-enhanced detection-as-code pipelines, integrating rules into CI/CD workflows and feedback loops. Collaborate with SOC, threat intel, and AI/data science teams to continuously evolve detection efficacy and reduce alert fatigue. Participate in adversary emulation, purple teaming, and post-incident reviews to drive continuous improvement. Required Skills 5+ years of hands-on experience in detection engineering, threat hunting, or security operations. Expert-level knowledge of at least two major SIEM platforms: Microsoft Sentinel, Google Chronicle, Splunk, Elastic, or similar. Strong proficiency in detection rule languages (Sigma, KQL, SPL, Lucene) and mapping to MITRE ATT&CK. Experience using or integrating AI/ML for detection enrichment, alert correlation, or anomaly-based hunting. Familiarity with telemetry sources (EDR, cloud, identity, DNS, proxy) and techniques to enrich or normalize them. Ability to document, test, and optimize detection rules and threat hunt queries in a modular, scalable fashion. Strong communication skills and the ability to translate complex threat scenarios into automated, AI-ready detection logic. Nice to Have Experience integrating AI/ML platforms for security analytics, behavior baselining, or entity risk scoring. Familiarity with detection-as-code and GitOps workflows for rule development, testing, and deployment. Scripting knowledge (Python, PowerShell) for enrichment, custom detection logic, or automation. Experience with purple teaming tools like Atomic Red Team, SCYTHE, or Caldera. AiStrike is committed to providing equal employment opportunities. All qualified applicants and employees will be considered for employment and advancement without regard to race, color, religion, creed, national origin, ancestry, sex, gender, gender identity, gender expression, physical or mental disability, age, genetic information, sexual or affectional orientation, marital status, status regarding public assistance, familial status, military or veteran status or any other status protected by applicable law. Show more Show less
