Stripe

Stripe is a global technology company that provides financial infrastructure for the internet. They offer a suite of APIs and tools for businesses to accept online and in-person payments, automate financial processes, and embed financial services in th...

Diversified Financial Services
5K-10K
Founded 2009
$8700M raised

Description

  • Design, build, and tune high-fidelity detections across modern SIEM platforms for adversary techniques across the full attack lifecycle.
  • Develop detection hypotheses by researching attacker tradecraft, identifying evidence sources, and mapping detection opportunities to available telemetry.
  • Conduct hypothesis-driven threat hunts to uncover malicious activity, identify detection gaps, and validate security controls.
  • Perform malware analysis and reverse engineering to extract indicators and inform detection strategies.
  • Build network-based and endpoint-based detections across Windows, Linux, and macOS using logs, EDR telemetry, memory artifacts, and protocol analysis.
  • Partner with Threat Intelligence to turn intel reports into detections, hunting leads, and enrichment logic.
  • Collaborate with incident response, SOC, and offensive security teams to validate and refine detections using real-world incidents and red team exercises.
  • Build data pipelines, automation, and tooling to support detection-as-code and scalable deployment.
  • Map and prioritize detection coverage against MITRE ATT&CK across key attack surfaces.
  • Lead projects, mentor teammates, and uphold quality standards within the team.

Requirements

  • 5+ years of experience in detection engineering, threat hunting, or security operations.
  • Experience writing detection logic in modern SIEM platforms such as Splunk, Chronicle, Elastic, CrowdStrike NG-SIEM, Panther, or Microsoft Sentinel.
  • Strong understanding of adversary tradecraft across the attack lifecycle, including initial access, privilege escalation, lateral movement, defense evasion, persistence, and exfiltration.
  • Ability to extract TTPs from threat intelligence reports and translate them into detection opportunities.
  • Experience developing network-based and endpoint-based detections across Windows, Linux, and macOS.
  • Experience analyzing telemetry from endpoint, network, cloud (AWS, GCP, or Azure), identity, and application log sources.
  • Proficiency in detection/query languages such as SPL, KQL, EQL, YARA-L, or SQL, and programming in Python or a similar language.
  • Strong communication skills with the ability to document detection logic and explain findings to technical and non-technical audiences.
  • Adversarial mindset with the ability to think like an attacker to build effective detections.
  • Experience in fintech, financial services, or highly regulated environments is preferred.
  • Background in malware analysis, reverse engineering, or threat research is preferred.
  • Experience with purple team operations and collaborative detection validation is preferred.
  • Familiarity with big data platforms such as Databricks, Trino, or PySpark for large-scale log analysis is preferred.
  • Proficiency with AI/LLM-assisted development tools such as Claude Code, Cursor, or GitHub Copilot applied to detection workflows is preferred.
  • Interest in agentic automation using LLMs to augment hunting, tuning, or triage is preferred.
  • Experience with detection validation tools such as Atomic Red Team or ATT&CK Evaluations is preferred.
  • Contributions to open-source detection content, research, or conference presentations are preferred.
  • Relevant certifications such as HTB CDSA, GCIH, GCFA, GNFA, OSCP, TCM PMAT, or GREM are preferred.
