Senior Security Developer / Researcher – Detection

Job Title: Senior Security Developer / Researcher – Detection

Experience: 5+ Years

Employment Type: Full-time

Role Overview

We are seeking a highly skilled Senior Security Developer / Researcher – Detection to design, develop, and scale advanced security detections across cloud and endpoint environments. This role is ideal for a driven detection engineer with strong experience in threat research, behavioral detection development, and continuous tuning of large-scale detection systems.

You will work closely with detection, response, and security services teams to ensure high-quality, actionable detections that help reduce cyber risk.

Key Responsibilities

Detection Engineering & Development

- Design, develop, and maintain Python- and YAML-based security detections. - Build behavioral, anomaly-based, and signature-based detections across cloud and endpoint telemetry. - Continuously tune and optimize detections to reduce false positives and improve efficacy. - Develop detections for SIEM, EDR, and cloud-native security platforms. - Research and model threats across multiple attack surfaces.

Threat Research & Analysis

- Analyze cloud logs, email telemetry, OAuth activity, and identity-based attacks. - Work with OS-specific telemetry including Windows Security/Sysmon logs, Linux, and macOS. - Monitor Windows PowerShell activity and suspicious execution patterns. - Maintain awareness of the evolving threat landscape, attack techniques, and tooling. - Analyze penetration testing tools and real-world attack techniques to inform detection logic.

Collaboration & Quality

- Collaborate with team members to design novel detections and improve existing coverage. - Participate in code reviews, providing constructive feedback to maintain code quality. - Debug and enhance existing detection codebases. - Create runbooks, reports, and supporting documentation for detection surfaces. - Participate in the full software development lifecycle, ensuring secure, testable, and maintainable code.

Required Qualifications

- 5+ years of professional experience as a Detection Developer, with strong focus on cloud security. - Hands-on experience developing detections using Python and/or YAML (or similar custom detection languages). - Strong experience with: - SIEM detections - EDR detections/signatures - Behavioral and anomaly-based detection development - Experience working with: - Windows Security logs, Sysmon - Linux and macOS telemetry - Cloud identity and access telemetry - Strong understanding of detection tuning and optimization. - Experience participating in security-focused software development projects.