
Security Engineer - Security Data, Detection and Automation

Job in Seattle, King County, Washington, 98127, USA
Listing for: Nscale
Full Time position
Listed on 2026-05-19
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly
Position: Staff Security Engineer - Security Data, Detection and Automation

About Nscale

Nscale is the GPU cloud engineered for AI. We provide cost-effective, high-performance infrastructure for AI start‑ups and large enterprise customers. Nscale enables AI‑focused companies to achieve superior results by reducing the complexity of AI development. Our GPU cloud bolsters technical capabilities and directly supports strategic business outcomes, including cost management, rapid innovation, and environmental responsibility.

About the Role

We are hiring a Senior Staff Engineer - Security Data, Detection and Automation to build the telemetry, detection, response automation, case‑quality metrics, and reporting foundation for an increasingly Nscale‑owned SOC capability.

This role sits at the intersection of security engineering, data engineering, detection engineering, and security operations. You will work across endpoint, identity, SaaS, cloud, network, vulnerability, and production access domains, partnering closely with security leadership as well as adjacent teams shaping identity and vulnerability management requirements.

Your impact will be strategic and measurable. The focus is not to create more alerts, but to turn raw telemetry into reliable, explainable, high‑signal security outcomes that strengthen internal ownership of detection logic, containment decisions, runbooks, executive metrics, case quality, and automation.

What you’ll be doing

Security Telemetry and Data Foundations
  • Design security telemetry architecture across endpoint security, security analytics, identity platforms, SaaS systems, cloud platforms, vulnerability tools, endpoint inventory, and production access systems.
  • Build a telemetry source map covering ownership, data quality, retention, coverage, priority use cases, and known gaps.
  • Establish data quality, parser quality, ingestion health, field normalization, and source ownership standards.
  • Create daily source‑health reporting and scoring for SIEM or security analytics data quality.
Detection Engineering and Threat Coverage
  • Own the detection engineering lifecycle from hypothesis and data source selection through logic, testing, tuning, ownership, runbook, expiry, and metrics.
  • Define high‑value detection use cases across identity, endpoint, SaaS, cloud, and production access.
  • Develop detections with documented test logic, runbooks, data dependencies, and case‑quality criteria.
  • Apply TTP‑led threat modeling across corporate, cloud, production, identity, SaaS, endpoint, insider, and AI‑agent risk scenarios.
  • Validate detection coverage through attack simulation or other coverage‑testing approaches.
Automation and Operational Improvement
  • Build SOAR and automation workflows that enrich alerts, suppress low‑value noise, route cases, and improve analyst decision‑making.
  • Design scalable data pipelines, enrichment flows, and automations that improve operational quality.
  • Implement detection‑as‑code or version‑controlled detection content where practical.
  • Use automation to improve the consistency, explainability, and actionability of security outcomes.
SOC Performance and Reporting
  • Measure MDR/SOC performance using case‑quality metrics such as false positive rate, time to triage, time to containment, evidence completeness, and escalation quality.
  • Create an MDR/SOC case‑quality review loop for internal and external stakeholders.
  • Produce security dashboards and executive reporting that connect security operations to measurable risk reduction.
  • Improve alert explainability so analysts and leaders can understand why detections fired and which actions matter most.
Cross‑Functional Partnership
  • Partner with security leadership to strengthen internal ownership of detection logic, containment decisions, runbooks, executive metrics, and automation.
  • Collaborate with Identity and Vulnerability Management hires to define production‑access, privileged‑access, and exposure‑driven detection requirements.
  • Connect engineering and operational stakeholders around shared standards for telemetry quality, response workflows, and detection effectiveness.
KPIs
  • False positive rate
  • Time to triage
  • Time to containment
  • Evidence completeness and escalation quality
About You
  • 8+ years in detection engineering, security data…