Security Engineer, Detection Engineering - Saronic
View Company Profile- Job Title
- Security Engineer, Detection Engineering
- Job Location
- Austin, Texas
- Job Description
- Saronic Technologies is a leader in revolutionizing defense autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations for the Department of Defense (DoD) through autonomous and intelligent platforms.Security at Saronic is a force multiplier. We're seeking a Security Engineer at the senior-level or above on our Security Operations team with strong detection engineering experience. You'll design and develop high-fidelity detection content, build and operate the data pipelines that power our security operations, develop automation playbooks that accelerate response, and work across a uniquely diverse telemetry landscape spanning cloud infrastructure, embedded vessel platforms, corporate systems, and operational technology.This role is heavily weighted toward detection engineering. You should think in terms of adversary behavior and telemetry coverage, not just alert triage. You'll own detections end-to-end: from identifying gaps in coverage, through designing and testing detection logic, to tuning and validating in production.Key Responsibilities:
- Design, build, test, and tune high-fidelity detection rules and analytic queries across endpoint, cloud, network, identity, and DLP telemetry sources
- Develop and maintain detection content using detection-as-code practices including version-controlled logic, automated testing, and CI/CD deployment
- Map detection coverage to MITRE ATT&CK, identify gaps, and prioritize new detection development based on threat intelligence and business risk
- Engineer correlation rules, behavioral analytics, and anomaly-based detections that minimize false positives while surfacing real adversary tradecraft
- Own the detection lifecycle from initial development through production tuning, performance monitoring, and retirement
- Build and operate pipelines to ingest, normalize, enrich, and manage security telemetry at scale across diverse data sources, using Terraform and infrastructure-as-code practices to deploy and maintain logging and detection infrastructure
- Design and maintain log collection, parsing, and enrichment configurations that ensure the right telemetry is available at the right fidelity for detection and investigation
- Evaluate and onboard new telemetry sources as Saronic's infrastructure and threat landscape evolve
- Monitor pipeline health, data quality, and ingestion reliability to ensure detections operate on complete and accurate data
- Develop and manage automated response playbooks in SOAR platforms to accelerate containment and reduce analyst toil
- Build automation that enriches alerts with contextual data, reducing investigation time and improving analyst decision-making
- Support incident response efforts and translate lessons learned into improved detections and playbooks
- Partner with SOC analysts, Cloud Security, Product Security, and IT teams to close visibility and detection gaps across environments
- Collaborate with threat intelligence to ensure detection engineering is informed by current adversary TTPs relevant to defense, maritime, and autonomous systems
Required Qualifications:- 3+ years of hands-on experience in detection engineering, security operations, security automation, or a closely related security engineering role
- Demonstrated experience designing, testing, and tuning detection rules and analytic queries across production security telemetry (endpoint, cloud, network, identity, or DLP)
- Hands-on experience with SIEM platforms and proficiency with query languages such as SPL, KQL, or equivalent
- Experience building and operating security data pipelines, including log ingestion, normalization, enrichment, and data quality management
- Understanding of data engineering concepts including ETL pipelines, data modeling, schema design, and indexing as applied to security telemetry
- Hands-on coding experience in Python, PowerShell, Go, or Rust for security automation, detection tooling, or pipeline development, and familiarity with Terraform for managing detection and logging infrastructure as code
- Understanding of MITRE ATT&CK framework and its application to detection coverage and gap analysis
- Ability to obtain and maintain a security clearance
Preferred Qualifications:- Experience in defense, aerospace, robotics, autonomy, or other high-assurance environments
- Experience with EDR platforms including custom detection rule creation and telemetry analysis
- Experience with cloud-native detection in AWS and Microsoft 365/Azure
- Experience using Terraform to deploy and manage security monitoring infrastructure, log pipeline components, or cloud-native security service configurations
- Hands-on experience with incident response, threat hunting, or adversary emulation
- Exposure to embedded Linux, operational technology, or ICS telemetry and detection
- Familiarity with NIST SP 800-171, NIST SP 800-53, or CMMC and their logging and monitoring requirements
- Relevant certifications such as GCIH, GCIA, GCDA, GSOM, OSDA, or OSCP
Everything You Need, One Platform.
From job listings to startups, investors to funding rounds, and everything in between, Employbl puts the power in your hands. Why wait?
Start your free trial today!Stay Ahead of the Curve
Sign up for our newsletter to stay informed about the latest startups and trends in the tech market. Let Employbl be your guide to success.
Saronic Company Size
Between 10 - 500 employees
Saronic Founded Year
2022
Saronic Total Amount Raised
$845,499,904
Saronic Funding Rounds
View funding detailsSeries C
$600,000,000 USD
Series B
$175,499,911 USD
Series A
$55,000,000 USD
Seed
$15,000,000 USD