Company hidden
2 days ago

Security Research Engineer II (Threat Research & Detection Engineering)

Work format
remote (Global)
Employment type
fulltime
Level
middle
English
b2
Country
Canada
Vacancy from the Hirify Global list of international tech companies

Job description

TL;DR

Security Research Engineer II (Threat Research & Detection Engineering): developing and maintaining prebuilt detection logic, researching emerging threats, and validating detection efficacy, with an emphasis on turning threat research and real telemetry into high-quality, reliable, high-efficacy detection content. The focus is practical detection development and validation across multiple data sources and attack surfaces: writing and refining detection logic, validating rule behavior, and improving detection quality through telemetry analysis and testing.

Location: Globally remote, with employment restrictions for individuals located in or nationals of Belarus, Cuba, Iran, North Korea, Russia, Syria, the Crimea Region of Ukraine, the Donetsk People’s Republic (“DNR”), and the Luhansk People’s Republic (“LNR”) due to U.S. export controls and licensing requirements.

Company

hirify.global, the Search AI Company, enables everyone to find the answers they need in real time, using all their data, at scale.

What you will do

  • Create and refine detection logic across multiple domains (endpoint, cloud, identity, network, web, and email) using hirify.global data sources.
  • Validate rule behavior through functional testing, false-positive review, and iterative tuning.
  • Evaluate attack paths across domains and contribute to coverage improvements throughout the kill chain.
  • Analyze multi-source telemetry to uncover detection opportunities and strengthen signal-to-noise ratios.
  • Support cloud security validation efforts for AWS, Azure, or GCP detections.
  • Collaborate with senior researchers to test new detection approaches and incorporate emerging attacker techniques.

Requirements

  • Strong security fundamentals and hands-on detection engineering experience.
  • Experience in detection engineering, threat research, SOC operations, incident response, or related blue-team roles.
  • Understanding of core concepts across multiple security domains.
  • Ability to write or validate detections using EQL, KQL, SQL, or similar query languages.
  • Familiarity with MITRE ATT&CK, MITRE ATLAS, and their application to mapping detection coverage.
  • Strong analytical and problem-solving skills, especially around false positives and weak-signal detection logic.
  • English: B2 required.

Nice to have

  • Understanding of the hirify.global Security Solution, hirify.global’s prebuilt rules, query languages, or the hirify.global Common Schema.
  • Experience with exposure validation, security control testing, or attack path validation platforms.
  • Ability to generate or script test telemetry using Python, Bash, or PowerShell.
  • Contributions to community detection content, blogs, or security rule repositories.

Culture & Benefits

  • Competitive pay based on the work you do, not previous salary.
  • Health coverage for you and your family in many locations.
  • Ability to craft your calendar with flexible locations and schedules.
  • Generous number of vacation days each year.
  • Up to $2000 (or local currency equivalent) matching for financial donations and service.
  • Up to 40 hours each year to use toward volunteer projects.
  • Minimum of 16 weeks of parental leave.
