Minimum Qualification:

5–8+ years of experience in automation engineering, detection engineering, data engineering, or cloud/SaaS security. Strong programming and automation skills (Python/Go) with expertise in CI/CD, testing automation, and pipeline orchestration. Experience building telemetry ingestion and normalization pipelines (Kafka, Kinesis, Pub/Sub, Elastic, Snowflake, BigQuery). Hands-on experience with SIEM/SOAR integrations and detection content formats (Sigma/KQL/SPL/OSQuery/eBPF). Knowledge of applied AI/ML concepts for automation (anomaly detection, clustering, feature engineering). Familiarity with cloud-native logging (AWS/GCP/Azure) and API-driven telemetry. Ability to automate validation, noise reduction, and feedback loops for detections at scale.

 

Preferred Qualification:

Experience building automated threat intelligence ingestion, normalization, and correlation pipelines. Background in automated detection tuning, false positive reduction, and statistical signal modeling. Exposure to SOC workflows, adversary simulation, and detection content quality engineering. Experience designing automated hunt pipelines or enrichment systems. Security knowledge (MITRE ATT&CK, ID-based attacks, adversary behavior) is a plus, not required. Certifications such as GCP/AWS Security, GIAC (GCDA, GCTI, GCFA) are helpful but not mandatory.