Detection Engineer

Job Summary

Required Qualifications

• Comfortable building Python—APIs and JSON, basic error handling, and tests in a managed project (Poetry or similar)
• Ability to integrate systems via APIs—OAuth or API keys, retries, and handling partial failures
• Testing discipline—unit tests, readable failures, and fixing regressions you introduce before merge
• Git and collaborative development—small, reviewable changes with clear descriptions of risk and rollout
• Temperament for long-horizon work—you can focus on incremental pipeline quality while understanding it enables agentic SOC capabilities over time
• Strong problem-solving skills and curiosity about security operations; willingness to learn detection concepts with mentorship
• Bonus points for: Experience with scheduled jobs or Docker
• Hands-on SIEM exposure from coursework, CTFs, labs, or internships (e.g. Splunk, Google SecOps, Microsoft Sentinel)
• Can navigate cloud primitives on GCP, Azure, or AWS (S3/GCS/Blob, Key Vault/Secret Manager/Secrets Manager, IAM roles and service principals)
• Experience with infrastructure as code (e.g. Terraform)
• Strong understanding of IAM principles in GCP (least privilege, service accounts, workload identity, and role bindings)