About the RoleWe're hiring a Senior Software Engineer to architect scalable detection frameworks, integrate threat intelligence into automated security pipelines, and build AI-driven security operations at scale. You'll translate complex security requirements into production-grade software that protects our enterprise and cloud infrastructure - and you'll partner with red team, threat intel, and SOC engineers to move from signal to outcome.
Full Time position requires working 3 days a week in our Mountain View office (Hybrid)
What You'll Do- Design high-fidelity detections and correlation logic in Splunk Enterprise Security and AWS OpenSearch - tuning for coverage and signal-to-noise.
- Build AI-powered detection tooling that ingests threat intel and recommends new use cases using ML and NLP techniques.
- Write production Python, Java, and Bash to automate workflows, build internal tooling, and integrate with cloud and third-party APIs.
- Engineer ETL pipelines for log ingestion, normalization, and routing across AWS, multi-cloud, and on-prem environments.
- Translate red team findings, threat hunts, and pentest results into durable detection improvements and control enhancements.
- Drive detection standards and reusable patterns across endpoint, network, identity, and cloud domains.
- Mentor engineers and analysts on detection methodology, secure software practices, and architecture.
What You Have- Bachelor's degree in Computer Science, Cybersecurity, or a closely related technical field (Master's a plus).
- 6+ years in software and/or security engineering, with 2+ years building detections on enterprise SIEMs (Splunk, OpenSearch, Securonix, or equivalent).
- 2+ years hands-on experience developing security automation or AI/ML-based security applications in Python, Java, or similar.
- Strong command of AWS (SageMaker, OpenSearch, Lambda, IAM), EDR platforms (CrowdStrike, Carbon Black), and modern identity tooling.
- Fluency with MITRE ATT&CK, NIST CSF, Zero Trust, and CIS Controls; comfort integrating STIX/TAXII and MISP feeds.
- Track record supporting compliance audits (SOC 2, FedRAMP, ISO 27001, HIPAA, or SOX) from a hands-on engineering seat.
Nice to Have- Splunk Certified Architect or Developer; CISSP, CEH, or GIAC GCED.
- Experience applying ML to anomaly detection, behavioral analytics, or security NLP.
- Background in healthcare, financial services, or other regulated industries.
- Enterprise vulnerability management experience - authenticated scanning, CVSS prioritization, automated reporting.