Cloud Runtime Threat Detections Engineer (Cybersecurity)

TL;DR

Cloud Runtime Threat Detections Engineer (Cybersecurity): Safeguarding cloud environments through innovative detection and response capabilities with an accent on threat intelligence, rapid incident response, and detection engineering. Focus on analyzing real-world security incidents, developing detection logic for cloud runtime environments, and driving innovation for emerging platforms.

Location: Hybrid in Bucharest, Romania

Company

hirify.global is a global leader in cybersecurity, protecting organizations with the world’s most advanced AI-native platform, processing almost 3 trillion events per day.

What you will do

• Stay abreast of cloud security trends, updating detection strategies for Linux, containers, Kubernetes, and virtualization platforms.
• Conduct proactive threat hunting and analyze security incidents to translate threat intelligence into actionable detection coverage.
• Execute rapid responses to critical security incidents, deploying detection coverage at a global scale.
• Develop, implement, and optimize detection logic for cloud runtime environments, leveraging automation and AI-powered tools.
• Drive detection engineering initiatives for emerging platforms including Kubernetes audit logs and ESXi/vSphere environments.
• Present threat detection findings, publish technical blog posts, and represent hirify.global at industry conferences.

Requirements

• Deep understanding of Linux-based systems, including process execution, file systems, networking, and kernel internals.
• Demonstrated experience in container/container orchestrator intrusion analysis, detection development, or malware analysis.
• Proficiency with Python and Bash for automation and tooling development.
• Experience with large-scale data analysis using SIEM or data analytics platforms.
• Knowledge of detection engineering methodologies including behavioral analysis, static/dynamic indicators, and pattern matching.
• English: B2 required
• Location: Hybrid in Bucharest, Romania

Nice to have

• Hands-on experience with Kubernetes, Docker, ESXi/vSphere, or other cloud-native and virtualization platforms.
• Familiarity with MITRE ATT&CK framework and ability to map adversary techniques to detection logic.
• Background in threat hunting, incident response, or security operations.
• Understanding of web application security.
• Experience with threat actor tradecraft and campaign analysis.
• Understanding of cloud-based infrastructure and public cloud services (Azure, AWS, Google Cloud).
• Contributions to the open source community or published research papers.

Culture & Benefits

• Market leader in compensation and equity awards.
• Comprehensive physical and mental wellness programs.
• Competitive vacation, holidays, and paid parental/adoption leaves.
• Professional development opportunities for all employees.
• Employee Networks, geographic neighborhood groups, and volunteer opportunities.
• Vibrant office culture with world-class amenities.