
Job Overview
Location
Remote
Job Type
Full-time
Category
Software Engineering
Date Posted
February 26, 2026
Full Job Description
📋 Description
- At SenseOn, we are pioneering the future of security operations by leveraging Artificial Intelligence (AI) to not only assist security analysts but to actively drive the creation and evolution of detection engineering. We are seeking a highly skilled and motivated Security Engineer to join our remote team in Argentina. This role is unique, demanding a dual focus: crafting sophisticated detection rules that effectively neutralize current threats posed by adversaries, and contributing to the development of our advanced platform infrastructure that empowers AI to autonomously generate and refine these detection rules.
- The cybersecurity landscape is undergoing a profound transformation. Adversaries are increasingly adopting AI to accelerate their attack methodologies, automate reconnaissance efforts, generate highly convincing phishing campaigns at scale, and adapt their tactics, techniques, and procedures (TTPs) at a pace that outstrips traditional detection cycles. Our ideal candidate will possess a deep understanding of this emerging class of AI-driven attacks and be adept at building detections specifically engineered to identify their unique signatures. This includes recognizing anomalous automation patterns, detecting LLM-generated content within sophisticated phishing chains, identifying unusually rapid and broad enumeration activities, and spotting AI-assisted lateral movement within networks.
- Detecting AI-driven threats requires a mindset that mirrors AI itself. This position is not a traditional analyst role, nor is it a purely development-focused position. It sits at the critical intersection of both, and you will be instrumental in building the bridge that connects these disciplines. Your primary responsibilities will encompass two key areas: Detection Engineering and the AI-Driven Detection Platform.
- **Detection Engineering (The Foundation):**
- Author and meticulously maintain detection rules across SenseOn's dual-engine architecture. This involves developing real-time streaming detections that are evaluated and executed within milliseconds, written in YAML and compiled into efficient binary rule sets.
- Develop and manage batch behavioral detections, powered by parameterized ClickHouse SQL queries, which operate on a seconds-to-minutes cadence, providing robust behavioral analysis.
- Construct and extend our hunting query library. This includes creating MITRE ATT&CK-mapped ClickHouse queries that our security analysts use daily for proactive threat hunting and investigation.
- Ensure precise mapping of every detection rule to the MITRE ATT&CK framework, including specific tactics, techniques, and granular sub-techniques, providing clear context and alignment with industry-standard threat intelligence.
- Instrument your own rules to rigorously measure performance. This includes tracking false positive rates, defining clear confidence scores, building comprehensive test datasets, and taking full ownership of the quality and reliability of deployed detections.
- Tune detections against real-world telemetry data, ensuring accuracy and effectiveness. Understanding the root cause of why a rule fires is as critical as ensuring it fires correctly.
- **AI-Driven Detection Platform (The Mission):**
- Extend our existing LLM-driven rule-writing engine to significantly broaden its coverage and capabilities, enabling it to generate a wider array of detection rules.
- Design and build robust pipelines that empower Large Language Models (LLMs) to propose detection rules. These proposals can originate from various sources, including threat intelligence feeds, CVE disclosures, or insights derived from analyst hunt findings.
- Implement structured output formats, YAML validation, and human-in-the-loop approval gates to ensure the quality and accuracy of AI-generated rules before deployment.
- Develop sophisticated feedback loops. When a detection fires or generates a false positive, this signal must be effectively channeled back to improve the performance and accuracy of future AI-generated rules.
- Define and refine prompt engineering strategies and establish an effective evaluation harness for the detection generation process. This includes tracking key metrics like precision, recall, false positive/true positive scoring, and MITRE alignment validation.
- Collaborate closely with the engineering team to ensure our detection data model is AI-legible. This involves defining schemas, annotations, and context structures that LLMs can reliably reason over and use for detection generation.
- Innovate on our hunting interface, exploring how analysts can describe threats in natural language and receive validated, actionable ClickHouse queries in return, streamlining the threat hunting process.
- The technical stack you will be working with includes technologies like YAML, binary rule sets, ClickHouse SQL, LLMs, and various data pipeline tools. While expert-level proficiency across all these areas is not expected from day one, you should be comfortable working within this ecosystem and possess a clear understanding of where you will need to develop your skills. This is an exceptional opportunity to be at the forefront of AI-driven cybersecurity, shaping the future of threat detection and response.
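The responsibilities above describe a pipeline without showing one: an LLM proposes a rule, the proposal is validated structurally (required fields, MITRE ATT&CK ids), it is scored against a labelled test set for precision, recall and false-positive rate, and only then does it reach a human approval queue, with the misses and false positives handed back as the feedback signal. The following is an added example of that gate, written for this page; it is not SenseOn code and nothing in it reflects SenseOn's actual rule schema or engine. The rule format, field names, the sliding-window "rapid enumeration" logic, the thresholds and the telemetry are all assumptions constructed for the illustration. The proposal is shown as the dict that `yaml.safe_load()` would return for the model's YAML output, so the script runs without PyYAML.

```python
"""Gate for an LLM-proposed detection rule: schema and MITRE-id validation,
then an evaluation over labelled test telemetry before human review.

Added illustration, not SenseOn code. Rule schema, field names, window logic,
thresholds and sample events are all assumptions made for this example.
"""
import re

# Constructed LLM proposal targeting "unusually rapid and broad enumeration".
# Shown as the dict yaml.safe_load() would return for the model's YAML.
PROPOSED_RULE = {
    "name": "rapid_smb_share_enumeration",
    "description": "One source host touching many distinct SMB shares in a short window",
    "confidence": 0.7,
    "mitre": {"tactic": "TA0007", "technique": "T1135"},
    "logic": {"event_type": "smb_share_access",
              "distinct_targets_min": 20, "window_seconds": 60},
}

REQUIRED_FIELDS = {"name": str, "description": str, "confidence": (int, float),
                   "mitre": dict, "logic": dict}
TACTIC_ID = re.compile(r"^TA\d{4}$")              # e.g. TA0007
TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")  # e.g. T1135 or T1135.001


def validate_rule(rule):
    """Structural checks on the proposal; returns a list of errors (empty = ok)."""
    errors = []
    for field, typ in REQUIRED_FIELDS.items():
        if field not in rule:
            errors.append(f"missing field: {field}")
        elif not isinstance(rule[field], typ):
            errors.append(f"wrong type for field: {field}")
    conf = rule.get("confidence")
    if isinstance(conf, (int, float)) and not 0.0 <= conf <= 1.0:
        errors.append("confidence must be within [0, 1]")
    mitre = rule.get("mitre") if isinstance(rule.get("mitre"), dict) else {}
    if not TACTIC_ID.match(str(mitre.get("tactic", ""))):
        errors.append("mitre.tactic is not a TAnnnn id")
    if not TECHNIQUE_ID.match(str(mitre.get("technique", ""))):
        errors.append("mitre.technique is not a Tnnnn[.nnn] id")
    logic = rule.get("logic") if isinstance(rule.get("logic"), dict) else {}
    for key in ("event_type", "distinct_targets_min", "window_seconds"):
        if key not in logic:
            errors.append(f"logic.{key} missing")
    return errors


def hosts_fired(rule, events):
    """Apply the rule's sliding-window logic; returns the source hosts it fires on.

    events: iterable of (timestamp_seconds, event_type, source_host, target).
    """
    logic = rule["logic"]
    window, threshold = logic["window_seconds"], logic["distinct_targets_min"]
    by_src = {}
    for ts, etype, src, target in events:
        if etype == logic["event_type"]:
            by_src.setdefault(src, []).append((ts, target))
    fired = set()
    for src, evs in by_src.items():
        evs.sort()
        for t0, _ in evs:  # window starts at each event; fire on the first hit
            distinct = {tgt for ts, tgt in evs if t0 <= ts < t0 + window}
            if len(distinct) >= threshold:
                fired.add(src)
                break
    return fired


def score_rule(fired, labels):
    """Precision, recall and false-positive rate against per-host ground truth."""
    tp = sum(1 for h, bad in labels.items() if bad and h in fired)
    fp = sum(1 for h, bad in labels.items() if not bad and h in fired)
    fn = sum(1 for h, bad in labels.items() if bad and h not in fired)
    tn = sum(1 for h, bad in labels.items() if not bad and h not in fired)
    return {
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        "fp_rate": fp / (fp + tn) if fp + tn else 0.0,
        "false_positives": sorted(h for h in fired if not labels.get(h, False)),
        "missed": sorted(h for h, bad in labels.items() if bad and h not in fired),
    }


def gate(rule, events, labels, min_precision=0.8, min_recall=0.8):
    """Decide the proposal's fate. Nothing here deploys anything: the best
    outcome is a ticket in the human approval queue with metrics attached."""
    errors = validate_rule(rule)
    if errors:
        return {"decision": "rejected", "errors": errors}
    metrics = score_rule(hosts_fired(rule, events), labels)
    ok = metrics["precision"] >= min_precision and metrics["recall"] >= min_recall
    # false_positives / missed are the feedback signal returned to the generator.
    return {"decision": "pending_human_approval" if ok else "returned_for_tuning",
            **metrics}


# Constructed test telemetry (assumed shape, not real data).
TEST_EVENTS = (
    # ws-17: 25 distinct shares within 25 s -> should fire (true positive)
    [(i, "smb_share_access", "ws-17", f"fs01/share{i}") for i in range(25)]
    # ws-09: 25 shares 12 s apart (5 min) -> slow enumeration the window misses
    + [(1000 + 12 * i, "smb_share_access", "ws-09", f"fs01/share{i}") for i in range(25)]
    # ws-02: 5 shares over 10 min -> benign user activity
    + [(2000 + 120 * i, "smb_share_access", "ws-02", f"fs02/dept{i}") for i in range(5)]
    # backup-01: 30 shares in 30 s -> backup job, a known false-positive source
    + [(3000 + i, "smb_share_access", "backup-01", f"fs01/share{i}") for i in range(30)]
)
TEST_LABELS = {"ws-17": True, "ws-09": True, "ws-02": False, "backup-01": False}

if __name__ == "__main__":
    print(gate(PROPOSED_RULE, TEST_EVENTS, TEST_LABELS))
```

On this test set the proposal fires on `ws-17` and on `backup-01`, misses the slow enumeration from `ws-09`, and comes back with precision, recall and false-positive rate all at 0.5, so `gate()` returns it for tuning rather than queuing it for a human. The named false positive and the named miss are exactly the signal a generator needs on the next iteration (an allow-list for backup hosts, a longer window, or a second rule for low-and-slow enumeration), which is the feedback loop the posting describes.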
Skills & Technologies
About Senseon Ltd
Senseon is a cybersecurity company that provides an AI-powered platform designed to detect and respond to advanced threats in real-time. Their solution integrates with existing security infrastructure to offer comprehensive visibility and automated threat hunting capabilities. By analyzing network traffic, endpoint data, and user behavior, Senseon identifies sophisticated attacks that often evade traditional security tools. The company focuses on helping organizations protect their critical assets from evolving cyber risks, including ransomware, insider threats, and zero-day exploits. Their platform aims to reduce the burden on security teams by automating detection and response, thereby improving overall security posture and minimizing potential damage from breaches.


