Senior Security Engineer, Detection Engineering

SpyCloud

Location: Remote - United States

Summary

Join SpyCloud's security team as a Senior Security Engineer and contribute to making the internet safer. You will develop and refine threat detections, perform data collection and enrichment, ensure alignment with industry standards, and participate in incident response. Collaboration with other teams, knowledge sharing, and technical leadership are key aspects of the role. The position requires extensive experience in security engineering, proficiency in Python and Splunk, and experience with AWS. SpyCloud offers a comprehensive benefits package including health insurance, retirement plans, paid time off, and flexible work options.

Requirements

  • 5+ years of full-time experience working in a security engineering role with a focus on detection engineering, incident response and/or threat hunting
  • Demonstrated proficiency developing tools and automations with an object-oriented language, with a preference for Python
  • Deep expertise using and administering Splunk Cloud or Splunk Enterprise and Splunk Enterprise Security
  • Experience securing and performing threat detection and/or security engineering activities in Amazon Web Services
  • Experience designing and operating cloud infrastructure using infrastructure-as-code principles

Responsibilities

  • Develop and fine-tune threat detections and response runbooks covering SpyCloud’s products, cloud infrastructure, SaaS services, and corporate systems
  • Perform strategic data collection, onboarding, and enrichment of new data sources from SpyCloud’s applications, SaaS services, third-party APIs, and threat intelligence platforms
  • Ensure logging, detection, and response processes align with industry standards (MITRE ATT&CK, NIST, CIS, etc.)
  • Participate in incident response efforts, including triage, containment, eradication, and recovery for security incidents
  • Conduct threat hunting activities to proactively identify threats and attack vectors in our environments and integrate findings into security controls
  • Work closely with IT, DevOps, and engineering teams to improve security monitoring coverage and align detection coverage with business goals
  • Conduct knowledge-sharing sessions and training to help maintain our high team standards and culture of continuous learning
  • Drive architectural and design decisions for SpyCloud’s security infrastructure and platforms
  • Drive continuous improvement of processes, procedures, and tools used across the security engineering organization
  • Automate and optimize workflows to improve the speed and accuracy of our detection and response efforts

Preferred Qualifications

  • Experience leveraging Cribl Stream and Cribl Edge for optimized log collection and threat intelligence enrichment
  • Prior experience with Detection as Code workflows and unit testing of detection rules

Benefits

  • 401(k)
  • Health, Vision, and Dental Insurance
  • Generous PTO Plan
  • In-office meals provided
  • 401(k) with Employer Contribution
  • Health, Vision, and Dental Insurance
  • Health Savings Account (HSA) available with Employer Contribution
  • Employer Paid Life, Short-term, and Long-term Disability Insurance
  • Generous PTO Plan and 16 paid holidays per year
  • Retirement Savings Plan with Employer Contribution
  • Employer Provided Private Health Insurance and Healthcare Cashplan
  • Employer Paid Life Insurance and Income Replacement
  • Generous Holiday Plan and 14 paid holidays per year
  • Flexible and remote-friendly work options
