Senior Cloud Detection Engineer

About the Role

We are seeking a highly skilled and motivated Senior Cloud Detection Engineer to join our Threat Detection Engineering team. This role is critical to advancing our Threat-Informed Defense strategy by developing and maintaining detection capabilities across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), with a strong emphasis on container security.

• Minneapolis, MN
• Cincinnati, OH
• Atlanta, GA
• Charlotte, NC
• Irving, TX

You will collaborate closely with Cyber Threat Intelligence, Threat Hunting, and SOC Response teams to build scalable, resilient, and actionable detections that improve visibility and reduce risk across our cloud environments.

Key Responsibilities

• Design and implement detection logic for cloud-native threats across AWS, Azure, and GCP.
• Develop and maintain container security detections (e.g., Kubernetes, Docker, EKS, AKS, GKE).
• Integrate detections into SIEM and XDR platforms, ensuring high fidelity and low noise.
• Collaborate with CTI and Threat Hunting teams to operationalize threat intelligence into detection use cases.
• Conduct gap analysis and contribute to visibility improvement initiatives.
• Participate in purple team exercises and breach & attack simulations to validate detection coverage.
• Provide technical mentorship to junior engineers and contribute to detection engineering standards.

Preferred Skills/Experience

• 5+ years of experience in cybersecurity with a focus on cloud detection engineering.

• Typically a bachelor's degree or equivalent experience
• Advanced technical and functional subject matter expert knowledge across security domains

Additional Skills:

• Deep understanding of AWS, Azure, and GCP security services and logging (e.g., CloudTrail, Azure Activity Logs, GCP Audit Logs).
• Hands-on experience with container orchestration platforms and security tools (e.g., Falco, Sysdig, Aqua, Prisma Cloud).
• Proficiency in writing detection rules using Sigma, KQL, SPL, or similar query languages.
• Familiarity with MITRE ATT&CK Framework and its cloud matrix.
• Experience with SIEM/XDR platforms (e.g., Splunk, Sentinel, Chronicle, Elastic).
• Strong scripting skills (Python, PowerShell, Bash) for automation and enrichment.
• Certifications such as AWS Certified Security – Specialty, Azure Security Engineer Associate, or GCP Professional Cloud Security Engineer.
• Experience with Infrastructure-as-Code (IaC) and CI/CD pipeline security.
• Exposure to threat modeling and adversary emulation in cloud environments.

AI-Enabled Systems Defense Skills

• Understanding of AI/ML threat models, including adversarial machine learning, model inversion, data poisoning, and evasion techniques.
• Experience securing ML pipelines and infrastructure, including model training, deployment, and monitoring stages.
• Familiarity with AI-specific logging and telemetry, such as model inference logs, feature drift, and anomaly detection.
• Ability to develop detections for AI misuse or abuse scenarios, including prompt injection, unauthorized model access, and synthetic identity generation.
• Knowledge of AI governance and compliance frameworks, including NIST AI RMF, EU AI Act, and emerging standards.
• Collaboration with data science and ML engineering teams to ensure secure model development and deployment practices.

Why Join Us?

Be part of a forward-thinking cyber defense organization driving Threat-Informed Defense.
Work with cutting-edge technologies and a collaborative team of experts.
Influence detection strategy and help shape the future of cloud security.