xelys jobs

Sr. Detection Engineer - Logflow - Security Lake

Colossus Technologies Group

full-remote, senior, permanent, security, backend | United States | 8 days ago via LinkedIn


Tags

Security Telemetry, Detection Engineering, Log Ingestion, Log Normalization, Detection Tuning, SIEM, Security Analytics, SQL, Python, Detection-as-Code

About the role

Role Overview

Senior Detection Engineer for LogFlow (Security Lake) in the Detection Engineering / Security Data Platform team. You will design and build detections that run on top of large-scale security log pipelines, working directly with raw security telemetry and shaping how detection-ready data is ingested and normalized.

Responsibilities

  • Design and build detections on top of large-scale security log pipelines
  • Work with raw security telemetry (e.g., cloud logs, audit logs, infra logs, identity logs)
  • Define normalization and enrichment logic to make detections reliable and portable
  • Author and tune detection logic to balance signal quality vs. noise (false positives)
  • Partner with ingestion and platform engineers to improve log quality at the source
  • Help shape how the Security Lake stores, queries, and exposes data for detection use cases

Requirements

  • 5+ years in detection engineering, security analytics, or security data engineering
  • Hands-on experience writing detections on log-based security data
  • Deep familiarity with security telemetry (cloud audit logs, identity logs, infra logs, EDR, network, etc.)
  • Understanding of tradeoffs between normalized vs. raw logs
  • Ability to handle messy/inconsistent data and make it detection-ready
  • Reasoning about detections at scale (e.g., performance, cost, and false positives)

Nice to Have

  • Experience with SIEMs, security lakes, or custom detection platforms
  • Familiarity with log ingestion pipelines or log shippers/collectors
  • Experience working close to data platforms / security data infrastructure
  • Scripting/query experience (e.g., SQL-like languages, Python)
  • Exposure to detection-as-code and version-controlled detection logic

About Colossus Technologies Group

Colossus Technologies Group builds security-first data and detection platforms focused on ingesting and processing large volumes of security telemetry. The team is creating a Security Lake (LogFlow) that normalizes log data in real time and enables high-fidelity detections for security analytics use cases.

Scraped 4/19/2026
