Snowflake has developed a world class cloud data platform that is effective, affordable and accessible to all data users. As we continue to scale globally, we are investing heavily in
AI-powered threat detection and response to protect our customers and our environment at cloud scale.
We are looking for a
Security Engineer - Threat Detection who will help enhance Snowflake's Threat Detection Program and extend the reach and impact of Threat Detection across Snowflake, with
AI and automation as core primitives in how we detect, triage, and respond to threats. You will combine security expertise with strong engineering skills to build, maintain, and evolve detections and supporting pipelines.
The ideal candidate seeks to gain a strong understanding of the Snowflake Product and Corporate environment, then uses that knowledge to create, optimize, and continuously improve detections that mitigate identified risks. You will partner with stakeholders across Security and Engineering, making informed, data-driven decisions based on threat models, proactive threat hunts, and data science-oriented exploration of logs and telemetry.
You will make recommendations for detective and preventative controls, and you will
design and build automations and AI-driven workflows that enhance our security posture and reduce mean time to detect and respond.
WHAT YOU NEED:- Security Engineering Experience (Threat Detection, Incident Response, Threat Hunting, Product Security, Corporate Security, or other related disciplines)
- Solid experience writing code-whether in software engineering, data engineering, or building automations (Python, Go, etc.), with a desire to apply these skills to AI/ML-powered use cases in detection and response.
- Experience collaborating with various security teams and stakeholders
- Ability to review and analyze logging and observability requirements that support detection and response
- A risk-based approach to security to help prioritize key security initiatives and determine when AI provides meaningful value over traditional rules and heuristics.
- Knowledge of the current security landscape with domain knowledge in several of: cloud security, identity and access, SaaS security, endpoint security, data security, and insider risk.
- An automation-first mindset for scaling security, including comfort with CI/CD, infrastructure as code, and "detections as code."
- Be a humble, team-oriented engineer who prioritizes team success in a zero-ego environment.
WHAT YOU WILL DO:- Develop and deploy detections using modern engineering practices (testing/validation, CI/CD pipelines, detections as code, detection development lifecycle, etc.), including both rules-based and AI-assisted detections.
- Mature our threat detection program by analyzing gaps and mitigating risks via detective controls, including experimentation with AI/ML approaches where they improve signal-to-noise ratio or analyst efficiency.
- Build and maintain strong partnerships with our stakeholders to provide detection as a service, including self-service patterns, reusable components, and AI-enhanced detections that support their domains.
- Continuously measure and improve detection quality (coverage, precision/recall, false positive rate, latency)
MINIMUM QUALIFICATIONS:- Experience with development in a high-level programming language (Go, Python, etc.), and comfort applying those skills to data-heavy, automation, or AI-related projects.
- Experience handling data programmatically (SQL, Python, etc.), ideally including large-scale log and telemetry datasets used for detection logic or analytics.
- Experience writing production code including unit tests, version control, and CI/CD integration.
- Experience with at least one major cloud provider (AWS, Azure, GCP) and understanding of its native logging, monitoring, and security services.
- Familiarity with the risks that impact SaaS products and workstations (e.g., account compromise, data exfiltration, phishing, supply chain attacks)
PREFERRED QUALIFICATIONS:- Computer Science degree or equivalent practical experience
- Experience developing and working with systems that utilize infrastructure as code (e.g., Terraform, CloudFormation), and/or "detections as code" frameworks
- Experience building and maintaining production-level software or platforms that process high-volume data streams (e.g., logging, metrics, traces) or power security analytics
- Experience deploying detections at a global scale
- Experience with Snowflake or equivalent cloud data platforms, including building data pipelines or analytics that could support security workloads
For jobs located in the United States, please visit the job posting on the Snowflake Careers Site for salary and benefits information: careers.snowflake.com
