Senior Integration Engineer (Cybersecurity)

TL;DR

Senior Integration Engineer (Cybersecurity): Transforming integration landscape for secure, scalable architecture with an accent on vendor connectors, detection pipelines, and event ingestion. Focus on building API integrations, managing credentials, deploying rules to SIEMs, and troubleshooting data sync issues.

Location: Remote (Argentina)

Salary: $60K – $80K

Company

Cybersecurity company building secure integration platforms for threat detection and response.

What you will do

• Maintain and improve existing integration connectors for vendors like CrowdStrike, Sentinel, Palo Alto, Fortinet.
• Build new vendor connectors handling auth, data formatting, batching, error handling, rate limiting.
• Implement detection rule deployment pipelines pushing Sigma rules to SIEMs via APIs.
• Develop inbound event ingestion pulling security events from customer SIEMs for correlation.
• Own credential management system for secure storage, rotation, validation of API keys and tokens.
• Build bulk feed exports in STIX/TAXII, EDL, CSV formats hosted on S3.
• Design job scheduling and monitoring with Celery tasks, retry logic, alerting.
• Support data lake integrations with Snowflake, Databricks for SQL-based detections.
• Troubleshoot integration issues, write tests, maintain health checks.

Requirements

• Python 3+ years (90% of the work).
• REST API integration: third-party APIs, OAuth2/API key auth, pagination, rate limiting, retry with backoff.
• Hands-on with 2-3 SIEM/EDR platforms: CrowdStrike Falcon, Splunk, Microsoft Sentinel, Palo Alto, Fortinet, Zscaler.
• Background job systems: Celery, RQ or equivalent (scheduling, error handling, dead letter queues).
• Data serialization: JSON, CSV, XML; transforming vendor formats.
• SQL for queries against security event data.
• AWS fundamentals: S3, Secrets Manager.
• Git version control, PR workflow.

Nice to have

• falconpy (CrowdStrike Python SDK).
• STIX 2.x / TAXII 2.1.
• EDL pattern (Palo Alto, Zscaler, FortiGate).
• FastAPI or async Python web framework.
• Sigma rule format.
• Snowflake / Databricks for detection engineering.
• Threat intelligence knowledge: IOCs, blocklists, SOC needs.
• Experience at security vendor (SOAR, TIP, SIEM, MDR).
• Vendor partner programs (CrowdStrike Marketplace, etc.).

Culture & Benefits

• US holidays.
• 15 days of PTO.
• MacBook provided.

Hiring process

• Silver Screening interview.
• Silver Technical Interview.
• Client Behavioral Interview.
• Client Technical Interview.