Movable Ink is a company that scales content personalization for marketers through data-activated content generation and AI decisioning. They are hiring a Security Detection Engineer to enhance their security monitoring and detection capabilities, focusing on detecting and responding to security threats that affect their platform and enterprise customers.
Responsibilities:
- Build, tune, and maintain detection rules and alerts in Splunk to identify security threats, suspicious activity, and policy violations
- Reduce alert fatigue by continuously improving detection logic to minimize false positives while maintaining coverage
- Monitor and develop detections for cloud security events across AWS and GCP using our CSPM tooling (Prisma Cloud)
- Collaborate with the Security team to develop detection strategies based on threat intelligence and the MITRE ATT&CK framework
- Investigate alerts and escalate confirmed incidents according to our incident response procedures
- Set up and configure automation scripts and tooling for alert triage, ticket creation, and incident workflows
- Create dashboards and reports to provide visibility into security posture and detection effectiveness
- Document detection logic, runbooks, and response procedures
- Support EDR (CrowdStrike) monitoring and investigate endpoint-related alerts
- Identify opportunities to use Splunk for operational and product monitoring beyond pure security use cases
Requirements:
- 2+ years of experience in a security operations, detection engineering, or SIEM-focused role
- Hands-on experience writing and tuning SPL queries in Splunk
- Familiarity with common attack techniques and the MITRE ATT&CK framework
- Experience with cloud platforms (AWS or GCP) and understanding of cloud-specific threats
- Exposure to EDR platforms (CrowdStrike preferred) and CSPM tools
- Understanding of log sources such as Okta, Google Workspace, endpoint logs, and network traffic
- Strong analytical and troubleshooting skills with attention to detail
- Clear written and verbal communication skills; ability to document findings and escalate effectively
- Self-motivated and comfortable working autonomously with a distributed team