This role goes beyond traditionaldetectionengineering: you’ll help improve and build ourDetection Engineering Agent, responsible for continuously grading and improvingdetectioncoverage based on a customer’s available telemetry, configuration, and behavioral baselines.You’ll work acrossmulti-cloud,hybrid, anddata-lakeenvironments to design modular detections that don’t depend on centralized data storage, but instead leverage federated queries, metadata scoring, and AI-based prioritization.The ideal candidate combinesdeep hands-on SIEM expertisewith aproduct mindset: able to design scalabledetectionpipelines, integrate AI feedback, and quantifydetectionefficacy at enterprise scale.

Key Responsibilities

• Design and maintain modular, high-fidelity detections using Sigma, KQL, SPL, Lucene, and other rule/query languages for Sentinel, Splunk, Chronicle, Elastic, and data-lake environments (Snowflake, BigQuery, Databricks).
  

• Build and evolve AiStrike’s Detection Engineering Agent, enabling real-time tracking, grading, and ranking of a customer’s environment based on data coverage, signal quality, and rule performance.
  

• Develop detections that operate without centralized storage, leveraging federated queries, streaming analytics, and metadata summarization instead of raw data ingestion.
  

• Quantify coverage gaps across identity, endpoint, cloud, network, and SaaS telemetry; collaborate cross-functionally to enhance observability and threat visibility.
  

• Integrate AI and ML models for automated rule tuning, false positive reduction, and behavioral correlation.
  

• Implement feedback-driven rule lifecycle management, including performance tracking (TP/FP/FN), version control, and graceful rule deprecation or promotion.
  

• Collaborate with SOC, data science, and platform teams to continuously improve detection quality and automate enrichment or response actions via SOAR platforms.
  

• Manage detection-as-code pipelines, ensuring CI/CD integration, modular content reuse, and full traceability of changes.
  

Required Skills

• 5+ years of experience in detection engineering, threat hunting, and SOC operations.
  

• Expertise in at least two major SIEMs (Sentinel, Google SecOps / Chronicle, Splunk) and data-lake query environments (Snowflake/ Databricks).
  

• Strong command of Sigma, KQL, SPL, or Lucene, with the ability to abstract detection logic into environment-agnostic templates.
  

• Experience with federated detection queries and data modeling for environments without long-term log storage.
  

• Familiarity with AI/ML-driven prioritization for detection scoring, clustering, or environment-based tuning.
  

• Ability to handle diverse telemetry: cloud (AWS/Azure/GCP), IAM, EDR, firewall, Windows event logs, network, and SaaS platforms.
  

• Experience in GitOps/detection-as-code workflows with version control, testing, and deployment pipelines.
  

• Excellent communication and documentation skills with a focus on translating technical detections into product-ready content.
  

Nice to Have

• Experience building or contributing to detection optimization or coverage grading frameworks.
  

• Scripting in Python or PowerShell for automation, enrichment, and testing.
  

• Familiarity with SOAR integration, purple teaming frameworks, and automated response orchestration.
  

• Background in AI/ML model feedback integration for detection scoring or prioritization.

Why Join AiStrike

• Shape the future of autonomous cyber defense.
• Work directly with a founding team that helped scale Securonix to a $1B+ outcome.
• Be part of a high-growth company at the forefront of AI and cybersecurity innovation.
• Competitive compensation package including equity.