
Senior Security Engineer - Threat Intelligence & Detection Engineering; Hybrid - Seattle

Job in Seattle, King County, Washington, 98127, USA
Listing for: Relha LLC
Full Time position
Listed on 2026-06-09
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 80,000 - 100,000 USD yearly
Job Description & How to Apply Below
Position: Senior Security Engineer - Threat Intelligence & Detection Engineering (Hybrid - Seattle)

The Senior Security Engineer on the TIDE team is a hybrid practitioner who writes detection rules, hunts adversary activity across the data lake, and builds the automation that ties it all together. This role requires functional depth in at least two of the following domains: detection engineering, threat intelligence, threat hunting, security automation, investigation analysis, and incident response.

This role reports to the Sr. Manager of Threat Intelligence & Detection Engineering and serves as a lead technical contributor on the TIDE team, with independent project horizons of up to 120 days.

Responsibilities

Detection Engineering

Design, develop, and maintain high-fidelity detection rules in CrowdStrike NG-SIEM (LogScale/CQL) across endpoint, email, identity, network, and cloud domains

Operationalize the full detection lifecycle: threat modeling, logic development, empirical testing, deployment, tuning, and retirement

Build detection content aligned to MITRE ATT&CK, threat actor TTPs, and internal threat model priorities

Translate threat intelligence findings, incident post-mortems, and hunt discoveries into durable detection logic

Enforce detection engineering standards including taxonomy, quality criteria, and review processes

Collect, analyze, and operationalize tactical and technical threat intelligence from open-source, commercial, and internal sources

Produce actionable intelligence products including threat actor profiles, TTP summaries, and IOC packages that directly inform detection priorities and hunting hypotheses

Monitor threat actor campaigns targeting retail and e-commerce environments across email, endpoint, identity, supply chain, and insider risk vectors

Collaborate with CSIRT and SOC to enrich active investigations with adversary context

Apply AI-assisted tooling to accelerate intelligence processing, IOC enrichment, and adversary research

Threat Hunting

Design and execute hypothesis-driven threat hunts across endpoint, email, identity, network, and cloud telemetry

Apply structured hunting methodologies (MITRE ATT&CK-based, data-driven, indicator-based) to surface undetected adversary activity

Document hunt outcomes—including negative results—and feed confirmed patterns back into the detection library

Maintain visibility into coverage gaps and drive new hunt-to-detect cycles to close them

Provide technical escalation support for complex incidents involving identity compromise, endpoint intrusion, lateral movement, and data exfiltration

Conduct targeted forensic and log-based analysis during active investigations, contributing to root cause determination and containment decisions

Develop and maintain investigation runbooks and analyst guidance to improve SOC response fidelity

Translate post-incident lessons learned into detection and hunting improvements

Automation and Tooling

Build and maintain automation that accelerates detection deployment, alert triage, case enrichment, and threat intel processing

Develop integrations between SIEM, EDR, email security, SOAR, and threat intelligence platforms to reduce analyst toil

Apply scripting (Python, PowerShell) to operationalize repetitive workflows including IOC ingest, log parsing, and detection validation

Leverage AI and machine learning tools to improve detection quality, reduce false positive rates, and accelerate triage

Collaboration and Mentorship

Mentor less experienced team members through code review, knowledge transfer, and structured guidance

Partner with SOC, IAM, Platform Engineering, Email Security, and Cloud teams to ensure telemetry quality and detection coverage

Contribute to cross-functional initiatives including purple team exercises, tabletop scenarios, and platform migration readiness

Required Qualifications

4+ years of professional experience in detection engineering, threat intelligence, SOC/IR, threat hunting, or security automation

Demonstrated proficiency writing detection logic in at least one enterprise SIEM or XDR platform; CrowdStrike NG-SIEM (LogScale/CQL) experience strongly preferred

Working knowledge of MITRE ATT&CK at the…

Position Requirements
10+ Years work experience